Consider the following test:
import org.omg.CORBA.ORB;
import java.util.Properties;
public class Test {
public static void main(String[] args) {
Properties props = new Properties();
props.put("org.omg.CORBA.ORBClass",
"com.sun.corba.se.impl.orb.ORBImpl");
props.put("org.omg.CORBA.ORBSingletonClass",
"com.sun.corba.se.impl.orb.ORBSingleton");
ORB orb = ORB.init(args, props);
}
}
Now run this with a security manager:
$ java -Djava.security.manager Test
Exception in thread "main" org.omg.CORBA.INITIALIZE: can't instantiate default ORB implementation com.sun.corba.se.impl.orb.ORBImpl vmcid: 0x0 minor code: 0 completed: No
at org.omg.CORBA.ORB.create_impl(ORB.java:306)
at org.omg.CORBA.ORB.init(ORB.java:345)
at Test2.main(Test2.java:11)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.corba.se.impl.orb")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1571)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:305)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:340)
at org.omg.CORBA.ORB.create_impl(ORB.java:304)
... 2 more
This is new behavior, in shipping JDK releases then this would run without throwing a security exception.