Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 7
-
Fix Version/s: 12
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b11
-
CPU:generic
-
OS:generic
-
Verification:Not verified
Description
SecurityClassLoader and URLClassLoader have unnecessary security checks.
protected SecureClassLoader() {
super();
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
initialized = true;
}
1.1 security managers are no longer supported (seeJDK-8186535). The permission check is done by the super class, ClassLoader. The initialized flag and associated code can also be removed -- this was only necessary before JDK 6 (see JSCG 4-5 for more info).
protected SecureClassLoader() {
super();
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
initialized = true;
}
1.1 security managers are no longer supported (see
Attachments
Issue Links
- duplicates
-
JDK-8049247 Redundant permission checks when creating ClassLoaders
-
- Closed
-
- is blocked by
-
JDK-8162875 Remove deprecated security APIs that are marked for removal
-
- Resolved
-
-
JDK-8186535 Remove deprecated pre-1.2 SecurityManager methods and fields
-
- Resolved
-