6899533: SecureClassLoader and URLClassLoader have unnecessary check for createClassLoader permission

Remove code that is no longer necessary now that pre-JDK 1.2 SecurityManager methods are not supported. Reviewed-by: mchung
2025-08-27 06:45:07 +02:00 · 2018-09-07 08:02:51 -04:00 · 2018-09-07 08:02:51 -04:00 · 59d3b2ccfa
commit 59d3b2ccfa
parent 052a740695
2 changed files with 2 additions and 70 deletions
--- a/src/java.base/share/classes/java/net/URLClassLoader.java
+++ b/src/java.base/share/classes/java/net/URLClassLoader.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -111,11 +111,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
     */
    public URLClassLoader(URL[] urls, ClassLoader parent) {
        super(parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = AccessController.getContext();
        this.ucp = new URLClassPath(urls, acc);
    }
@ -123,11 +118,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
    URLClassLoader(String name, URL[] urls, ClassLoader parent,
                   AccessControlContext acc) {
        super(name, parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = acc;
        this.ucp = new URLClassPath(urls, acc);
    }
@ -156,22 +146,12 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
     */
    public URLClassLoader(URL[] urls) {
        super();
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = AccessController.getContext();
        this.ucp = new URLClassPath(urls, acc);
    }

    URLClassLoader(URL[] urls, AccessControlContext acc) {
        super();
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = acc;
        this.ucp = new URLClassPath(urls, acc);
    }
@ -201,11 +181,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
    public URLClassLoader(URL[] urls, ClassLoader parent,
                          URLStreamHandlerFactory factory) {
        super(parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = AccessController.getContext();
        this.ucp = new URLClassPath(urls, factory, acc);
    }
@ -238,11 +213,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
                          URL[] urls,
                          ClassLoader parent) {
        super(name, parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = AccessController.getContext();
        this.ucp = new URLClassPath(urls, acc);
    }
@ -273,11 +243,6 @@ public class URLClassLoader extends SecureClassLoader implements Closeable {
    public URLClassLoader(String name, URL[] urls, ClassLoader parent,
                          URLStreamHandlerFactory factory) {
        super(name, parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
        this.acc = AccessController.getContext();
        this.ucp = new URLClassPath(urls, factory, acc);
    }
--- a/src/java.base/share/classes/java/security/SecureClassLoader.java
+++ b/src/java.base/share/classes/java/security/SecureClassLoader.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -42,12 +42,6 @@ import sun.security.util.Debug;
 * @since 1.2
 */
 public class SecureClassLoader extends ClassLoader {
-    /*
-     * If initialization succeed this is set to true and security checks will
-     * succeed. Otherwise the object is not initialized and the object is
-     * useless.
-     */
-    private final boolean initialized;

    /*
     * Map that maps the CodeSource to a ProtectionDomain. The key is a
@ -81,12 +75,6 @@ public class SecureClassLoader extends ClassLoader {
     */
    protected SecureClassLoader(ClassLoader parent) {
        super(parent);
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
-        initialized = true;
    }

    /**
@ -104,12 +92,6 @@ public class SecureClassLoader extends ClassLoader {
     */
    protected SecureClassLoader() {
        super();
-        // this is to make the stack depth consistent with 1.1
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
-        initialized = true;
    }

    /**
@ -130,11 +112,6 @@ public class SecureClassLoader extends ClassLoader {
     */
    protected SecureClassLoader(String name, ClassLoader parent) {
        super(name, parent);
-        SecurityManager security = System.getSecurityManager();
-        if (security != null) {
-            security.checkCreateClassLoader();
-        }
-        initialized = true;
    }

    /**
@ -220,7 +197,6 @@ public class SecureClassLoader extends ClassLoader {
     */
    protected PermissionCollection getPermissions(CodeSource codesource)
    {
-        check();
        return new Permissions(); // ProtectionDomain defers the binding
    }

@ -260,15 +236,6 @@ public class SecureClassLoader extends ClassLoader {
        });
    }

-    /*
-     * Check to make sure the class loader has been initialized.
-     */
-    private void check() {
-        if (!initialized) {
-            throw new SecurityException("ClassLoader object not initialized");
-        }
-    }
-
    private static class CodeSourceKey {
        private final CodeSource cs;