Webstart security problem
Alan Bateman
Alan.Bateman at oracle.com
Sun Nov 6 19:54:27 UTC 2016
On 06/11/2016 01:46, Wang Weijun wrote:
> :
>> Has each module it's own classloader?
> There are 2 class loaders loading JDK classes now, the boot loader loading modules like java.base etc, the platform loader loading some other modules (see http://hg.openjdk.java.net/jdk9/dev/file/e41be20156e6/make/common/Modules.gmk#l47).
>
> The platform modules do not always have AllPermission.
>
Right, and I think more of the stack trace will be needed to diagnose
this. In particular the java.xml.ws module was mentioned in the original
message so it would be good to see where it is in the stack as this
could be missing doPrivileged, maybe in a callback and so is restricted
by the limited permissions that the java.xml.ws module has been granted.
-Alan
More information about the jdk9-dev
mailing list