RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization

Claes Redestad claes.redestad at oracle.com
Wed Jan 11 15:39:14 UTC 2017


On 01/11/2017 03:56 PM, Adam Petcher wrote:
> On 1/11/2017 9:27 AM, Claes Redestad wrote:
>> Hi Adam,
>> On 01/11/2017 02:34 PM, Adam Petcher wrote:
>>> Please review the following bug fix:
>>> http://cr.openjdk.java.net/~apetcher/8168075/webrev.00/
>>> This fixes a bug in which a permission check would try to load 
>>> resources while the system class loader is being initialized. 
>>> Resources cannot be loaded at this time, so this change ensures that 
>>> the resources are loaded earlier.
>> couldn't this be done in System.setSecurityManager rather than in a 
>> static block
>> in SecurityManager?
>> http://cr.openjdk.java.net/~redestad/scratch/8168075.alt/
>> The provided EarlyLoad test still pass with this approach, and this 
>> would avoid loading a few
>> classes and a resource bundle when not installing a security manager 
>> (the SecurityManager
>> class is always loaded on bootstrap).
> That would work, but I was trying to avoid cluttering up System.java 
> with this code. What if we put it in the SecurityManager constructor? 
> Would that accomplish the same goal?

the public default constructor of SecurityManager will always be run no 
matter how the class is overridden, so I guess it would, yes.



>> Thanks!
>> /Claes

More information about the security-dev mailing list