Bug ID: JDK-8281242 java.io.ObjectStreamClass::forClass and java.io.ObjectStreamField::getType throw NPE when caller is null

Oracle Technology Network
Java
Java SE
Community
Bug Database

JDK-8281242 : java.io.ObjectStreamClass::forClass and java.io.ObjectStreamField::getType throw NPE when caller is null

Type: Sub-task
Component: core-libs
Sub-Component: java.io:serialization
Affected Version: 9

Priority: P4
Status: Closed
Resolution: Won't Fix

Submitted: 2022-02-04
Updated: 2022-02-04
Resolved: 2022-02-04

Description

java.io.ObjectStreamClass::forClass and java.io.ObjectStreamField::getType use the caller's loader to determine if it requires package access security permission check if the security manager is present.   

Since security manager is deprecated for removal (JEP 411) and setting the security manager is disallowed by default in Java 18, I'm inclined to propose do nothing for this issue.

This issue is created as a tracking purpose.

Comments

Since security manager will be removed in a future release and this has been a long-standing behavior, close this issue as will not fix. These APIs rarely will be called through JNI with no caller frame.

04-02-2022