On Tue, 19 Nov 2024 10:48:25 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> Can I please get a review of this change which proposes to remove >> SecurityManager related API usages from `URLClassLoader` and its related >> `URLClassPath`? This addresses https://bugs.openjdk.org/browse/JDK-8344223. >> >> The `URLClassLoader.getPermissions()` method will need additional changes >> but that will be done as part of https://bugs.openjdk.org/browse/JDK-8343150. >> >> I'll be opening a CSR for this change because we are removing support for >> the `jdk.net.URLClassPath.disableRestrictedPermissions` system property. >> >> No new tests have been added and existing tier1, tier2 and tier3 tests >> continue to pass. > > Jaikiran Pai has updated the pull request with a new target base due to a > merge or a rebase. The incremental webrev excludes the unrelated changes > brought in by the merge/rebase. The pull request contains two additional > commits since the last revision: > > - merge latest from master branch > - 8344223: Remove calls to SecurityManager and doPrivileged in > java.net.URLClassLoader after JEP 486 integration src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java line 387: > 385: Enumeration<URL> e = findResourcesOnClassPath(name); > 386: > 387: // concat the resources from the modules and the class path Observation: This is now essentially `ClassLoader.CompoundEnumeration`, which could be reused if moved to `jdk.internal.loader`. Probably not for this PR though. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22233#discussion_r1848165627
