JDK-6899533 : SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission
- Type: Bug
- Component: security-libs
- Sub-Component: java.security
- Affected Version: 7
- Priority: P3
- Status: Closed
- Resolution: Fixed
- OS: generic
- CPU: generic
- Submitted: 2009-11-09
- Updated: 2018-09-18
- Resolved: 2018-09-07
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 12 |
|---|
12 b11Fixed  |
Related Reports
|
Blocks :
|
|
|
Blocks :
|
|
|
Duplicate :
|
Description
SecurityClassLoader and URLClassLoader have unnecessary security checks.
protected SecureClassLoader() {
super();
// this is to make the stack depth consistent with 1.1
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkCreateClassLoader();
}
initialized = true;
}
1.1 security managers are no longer supported (see JDK-8186535). The permission check is done by the super class, ClassLoader. The initialized flag and associated code can also be removed -- this was only necessary before JDK 6 (see JSCG 4-5 for more info).
Comments
|