Constructor::newInstance is a caller-sensitive method that performs the security check when the caller is not the same class loader as implClass’s class loader or not its ancestor.
In this case the caller class is ServerSocket and its class loader is the bootstrap class loader is privileged (an ancestor of any loader). Mandy > On Sep 2, 2016, at 6:42 AM, Peter Levart <peter.lev...@gmail.com> wrote: > > Hi Many, > > Are you sure the implementation class passed to > JavaNetSocketAccess.newSocketImpl(Class<? extends SocketImpl> implClass) is > never going to be loaded by a class loader other than bootstrap classloader > (the loader of the caller of implClass.getDeclaredConstructor()) and that no > unprivileged code will be on the call stack at that time? Do you need to > enclose this invocation into doPrivileged() block or do you expect that the > caller of JavaNetSocketAccess.newSocketImpl() will do that? > > Regards, Peter > > On 08/31/2016 10:48 PM, Mandy Chung wrote: >> This patch introduces JavaNetSocketAccess to allow access to non-public >> ServerSocket constructor that is accessed by some other area as a clean up. >> >> Webrev: >> http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8165180/webrev.00/ >> >> Mandy >
