7180225: SecurityExceptions not defined in some class loader methods

Reviewed-by: mchung, mullan
2026-02-28 11:10:26 +00:00 · 2016-08-23 10:49:15 -07:00 · 2016-08-23 10:49:15 -07:00 · 496a6f67d6
commit 496a6f67d6
parent 4b68f37bfe
3 changed files with 32 additions and 60 deletions
--- a/jdk/src/java.base/share/classes/java/lang/Class.java
+++ b/jdk/src/java.base/share/classes/java/lang/Class.java
@ -331,12 +331,6 @@ public final class Class<T> implements java.io.Serializable,
     * Note that this method does not check whether the requested class
     * is accessible to its caller.
     *
-     * <p> If the {@code loader} is {@code null}, and a security
-     * manager is present, and the caller's class loader is not null, then this
-     * method calls the security manager's {@code checkPermission} method
-     * with a {@code RuntimePermission("getClassLoader")} permission to
-     * ensure it's ok to access the bootstrap class loader.
-     *
     * @param name       fully qualified name of the desired class
     * @param initialize if {@code true} the class will be initialized.
     *                   See Section 12.4 of <em>The Java Language Specification</em>.
@ -348,6 +342,11 @@ public final class Class<T> implements java.io.Serializable,
     *            by this method fails
     * @exception ClassNotFoundException if the class cannot be located by
     *            the specified class loader
+     * @exception SecurityException
+     *            if a security manager is present, and the {@code loader} is
+     *            {@code null}, and the caller's class loader is not
+     *            {@code null}, and the caller does not have the
+     *            {@link RuntimePermission}{@code ("getClassLoader")}
     *
     * @see       java.lang.Class#forName(String)
     * @see       java.lang.ClassLoader
@ -782,22 +781,17 @@ public final class Class<T> implements java.io.Serializable,
     * null in such implementations if this class was loaded by the bootstrap
     * class loader.
     *
-     * <p> If a security manager is present, and the caller's class loader is
-     * not null and the caller's class loader is not the same as or an ancestor of
-     * the class loader for the class whose class loader is requested, then
-     * this method calls the security manager's {@code checkPermission}
-     * method with a {@code RuntimePermission("getClassLoader")}
-     * permission to ensure it's ok to access the class loader for the class.
-     *
     * <p>If this object
     * represents a primitive type or void, null is returned.
     *
     * @return  the class loader that loaded the class or interface
     *          represented by this object.
-     * @throws SecurityException
-     *    if a security manager exists and its
-     *    {@code checkPermission} method denies
-     *    access to the class loader for the class.
+     * @throws  SecurityException
+     *          if a security manager is present, and the caller's class loader
+     *          is not {@code null} and is not the same as or an ancestor of the
+     *          class loader for the class whose class loader is requested,
+     *          and the caller does not have the
+     *          {@link RuntimePermission}{@code ("getClassLoader")}
     * @see java.lang.ClassLoader
     * @see SecurityManager#checkPermission
     * @see java.lang.RuntimePermission
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java
@ -1537,22 +1537,13 @@ public abstract class ClassLoader {
     * will return <tt>null</tt> in such implementations if this class loader's
     * parent is the bootstrap class loader.
     *
-     * <p> If a security manager is present, and the invoker's class loader is
-     * not <tt>null</tt> and is not an ancestor of this class loader, then this
-     * method invokes the security manager's {@link
-     * SecurityManager#checkPermission(java.security.Permission)
-     * <tt>checkPermission</tt>} method with a {@link
-     * RuntimePermission#RuntimePermission(String)
-     * <tt>RuntimePermission("getClassLoader")</tt>} permission to verify
-     * access to the parent class loader is permitted.  If not, a
-     * <tt>SecurityException</tt> will be thrown.  </p>
-     *
     * @return  The parent <tt>ClassLoader</tt>
     *
     * @throws  SecurityException
-     *          If a security manager exists and its <tt>checkPermission</tt>
-     *          method doesn't allow access to this class loader's parent class
-     *          loader.
+     *          If a security manager is present, and the caller's class loader
+     *          is not {@code null} and is not an ancestor of this class loader,
+     *          and the caller does not have the
+     *          {@link RuntimePermission}{@code ("getClassLoader")}
     *
     * @since  1.2
     */
@ -1590,12 +1581,11 @@ public abstract class ClassLoader {
     * @return  The platform {@code ClassLoader}.
     *
     * @throws  SecurityException
-     *          If a security manager exists and the caller's class loader is
-     *          not {@code null} and the caller's class loader is not the same
+     *          If a security manager is present, and the caller's class loader is
+     *          not {@code null}, and the caller's class loader is not the same
     *          as or an ancestor of the platform class loader,
-     *          and the {@link SecurityManager#checkPermission(java.security.Permission)
-     *          checkPermission} method denies {@code RuntimePermission("getClassLoader")}
-     *          to access the platform class loader.
+     *          and the caller does not have the
+     *          {@link RuntimePermission}{@code ("getClassLoader")}
     *
     * @since 9
     */
@ -1636,17 +1626,6 @@ public abstract class ClassLoader {
     * If circular initialization of the system class loader is detected then
     * an unspecified error or exception is thrown.
     *
-     * <p> If a security manager is present, and the invoker's class loader is
-     * not <tt>null</tt> and the invoker's class loader is not the same as or
-     * an ancestor of the system class loader, then this method invokes the
-     * security manager's {@link
-     * SecurityManager#checkPermission(java.security.Permission)
-     * <tt>checkPermission</tt>} method with a {@link
-     * RuntimePermission#RuntimePermission(String)
-     * <tt>RuntimePermission("getClassLoader")</tt>} permission to verify
-     * access to the system class loader.  If not, a
-     * <tt>SecurityException</tt> will be thrown.  </p>
-     *
     * @implNote The system property to override the system class loader is not
     * examined until the VM is almost fully initialized. Code that executes
     * this method during startup should take care not to cache the return
@ -1656,8 +1635,10 @@ public abstract class ClassLoader {
     *          <tt>null</tt> if none
     *
     * @throws  SecurityException
-     *          If a security manager exists and its <tt>checkPermission</tt>
-     *          method doesn't allow access to the system class loader.
+     *          If a security manager is present, and the caller's class loader
+     *          is not {@code null} and is not the same as or an ancestor of the
+     *          system class loader, and the caller does not have the
+     *          {@link RuntimePermission}{@code ("getClassLoader")}
     *
     * @throws  IllegalStateException
     *          If invoked recursively during the construction of the class
--- a/jdk/src/java.base/share/classes/java/lang/Thread.java
+++ b/jdk/src/java.base/share/classes/java/lang/Thread.java
@ -1507,28 +1507,25 @@ class Thread implements Runnable {
    }

    /**
-     * Returns the context ClassLoader for this Thread. The context
-     * ClassLoader is provided by the creator of the thread for use
+     * Returns the context {@code ClassLoader} for this thread. The context
+     * {@code ClassLoader} is provided by the creator of the thread for use
     * by code running in this thread when loading classes and resources.
     * If not {@linkplain #setContextClassLoader set}, the default is the
-     * ClassLoader context of the parent Thread. The context ClassLoader of the
+     * {@code ClassLoader} context of the parent thread. The context
+     * {@code ClassLoader} of the
     * primordial thread is typically set to the class loader used to load the
     * application.
     *
-     * <p>If a security manager is present, and the invoker's class loader is not
-     * {@code null} and is not the same as or an ancestor of the context class
-     * loader, then this method invokes the security manager's {@link
-     * SecurityManager#checkPermission(java.security.Permission) checkPermission}
-     * method with a {@link RuntimePermission RuntimePermission}{@code
-     * ("getClassLoader")} permission to verify that retrieval of the context
-     * class loader is permitted.
     *
-     * @return  the context ClassLoader for this Thread, or {@code null}
+     * @return  the context {@code ClassLoader} for this thread, or {@code null}
     *          indicating the system class loader (or, failing that, the
     *          bootstrap class loader)
     *
     * @throws  SecurityException
-     *          if the current thread cannot get the context ClassLoader
+     *          if a security manager is present, and the caller's class loader
+     *          is not {@code null} and is not the same as or an ancestor of the
+     *          context class loader, and the caller does not have the
+     *          {@link RuntimePermission}{@code ("getClassLoader")}
     *
     * @since 1.2
     */