Webstart security problem

Alan Bateman Alan.Bateman at oracle.com
Sun Nov 6 19:54:27 UTC 2016


On 06/11/2016 01:46, Wang Weijun wrote:

> :
>> Has each module it's own classloader?
> There are 2 class loaders loading JDK classes now, the boot loader loading modules like java.base etc, the platform loader loading some other modules (see http://hg.openjdk.java.net/jdk9/dev/file/e41be20156e6/make/common/Modules.gmk#l47).
>
> The platform modules do not always have AllPermission.
>
Right, and I think more of the stack trace will be needed to diagnose 
this. In particular the java.xml.ws module was mentioned in the original 
message so it would be good to see where it is in the stack as this 
could be missing doPrivileged, maybe in a callback and so is restricted 
by the limited permissions that the java.xml.ws module has been granted.

-Alan


More information about the jdk9-dev mailing list