RFR: 8349546: Linux support for Kerberos "nativeccache" functionality [v13]
Nick Hall
duke at openjdk.org
Tue Nov 18 18:51:05 UTC 2025
On Tue, 18 Nov 2025 17:31:04 GMT, Weijun Wang <weijun at openjdk.org> wrote:
> `UnsatisfiedLinkError` is not an `Exception`. It's just a `Throwable`.
Good point. I wonder what the intent of that exception handling code is, then. I assumed it was to silently fall back to using the pure Java code in the event a library was un-loadable / not present, etc. In this particular case, it's almost essential that this happens, because otherwise a JDK with this feature compiled in and distributed to a machine without libkrb5 installed would basically be unable to use anything that called the `Credentials` class methods.
Looking at the code further: `ensureLoaded()` calls only `System.loadLibrary()`, which only throws the following checked exceptions:
SecurityException
UnsatisfiedLinkError
NullPointerException
Of those, the libname is always a static string, so that just leaves the first two (or another `RuntimeException`). Either of those will yield an un-loadable library, but the first will be swallowed. Does that mean the code above should also catch the `UnsatisfiedLinkError`?
-------------
PR Comment: https://git.openjdk.org/jdk/pull/28075#issuecomment-3549093006
More information about the security-dev
mailing list