RFR: JDK-8075706 : Policy implementation does not allow policy.provider to be on the class path

Alan Bateman Alan.Bateman at oracle.com
Mon May 4 14:55:10 UTC 2015

On 01/05/2015 13:48, Sean Mullan wrote:
> Please review this change to use the system class loader to locate a 
> policy provider specified with the policy.provider security property. 
> The current implementation tries to load the provider using the 
> extension class loader. This will no longer work when the extension 
> mechanism is removed, which is proposed as part of JEP 220: 
> http://openjdk.java.net/jeps/220
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8075706/webrev.01/
The change looks okay but I wonder if there is an opportunity to do some 

One thing that is a bit icky is the catching of Exception for the case 
that the policy class is loaded by boot loader but it can't be 
instantiated for some reason. It might be  better to replace this with 
Class.forName(policy_class, false, null) and only fallback to trying 
again with the SCL if CNFE is thrown. That way you could have once place 
to instantiate the policy class and log the exception if it fails.


More information about the security-dev mailing list