[JDK-6899533] SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission - Java Bug System

Details

Type: Bug
Status: Closed
Priority: P3
Resolution: Fixed
Affects Version/s: 7
Fix Version/s: 12
Component/s: security-libs
Labels:

Subcomponent:
java.security
Resolved In Build:
b11
CPU:

generic
OS:

generic
Verification:
Not verified

Description

SecurityClassLoader and URLClassLoader have unnecessary security checks.

protected SecureClassLoader() {
    super();
    // this is to make the stack depth consistent with 1.1
    SecurityManager security = System.getSecurityManager();
    if (security != null) {
        security.checkCreateClassLoader();
    }
    initialized = true;
}

1.1 security managers are no longer supported (see ~~JDK-8186535~~). The permission check is done by the super class, ClassLoader. The initialized flag and associated code can also be removed -- this was only necessary before JDK 6 (see JSCG 4-5 for more info).

Attachments

Issue Links

duplicates

JDK-8049247 Redundant permission checks when creating ClassLoaders

Closed

is blocked by

JDK-8162875 Remove deprecated security APIs that are marked for removal

Resolved

JDK-8186535 Remove deprecated pre-1.2 SecurityManager methods and fields

Resolved

Activity

People

Assignee:

Sean Mullan

Reporter:

Tom Hawtin (Inactive)

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2009-11-09 14:35

Updated:

2018-09-17 23:13

Resolved:

2018-09-07 05:11

Imported:

16/Sep/12 2:24 AM

Indexed:

17/Jul/12 10:24 PM

Down for Maintenance on Wednesday Feb. 26 from 6pm to 8pm PT (2:00 to 4:00 GMT Thursday)