Hi,
Please find below a patch for:
8065552: setAccessible(true) on fields of Class may throw
a SecurityException
webrev:
http://cr.openjdk.java.net/~dfuchs/webrev_8065552/webrev.00/
Description of the problem:
The following test case passes on 8u20 but fails on 8u40 and above:
public class Test {
public static void main(String[] args) throws Throwable {
for (Field f : Class.class.getDeclaredFields()) {
f.setAccessible(true);
}
}
}
The fix for JDK-6642881 introduced a new private field to Class, named
"classloader", whose accessibility can never be modified (from the
default of non-accessible to accessible).
This issue manifests itself in Jython where, when the
Options.respectJavaAccessibility is false (by default it is true), a
SecurityException occurs when it tries to setAccessible(true) all
declared fields on Class:
https://hg.python.org/jython/file/tip/src/org/python/core/PyJavaType.java#l405
The SecurityException is lost in the noise of other exceptions as the
error propagates through the runtime. The observable symptom is
a NullPointerException which occurs when one tries to load the
Jython engine. With 8u40 it fails with exception:
java.lang.NullPointerException
at org.python.core.Py.recursiveIsInstance(Py.java:1861)
at org.python.core.Py.isInstance(Py.java:1828)
at org.python.core.__builtin__.isinstance(__builtin__.java:725)
at org.python.core.Py.displayException(Py.java:1009)
at org.python.core.PyException.printStackTrace(PyException.java:79)
at org.python.core.PyException.toString(PyException.java:98)
at org.apache.commons.logging.impl.SimpleLog.log(SimpleLog.java:329)
at org.apache.commons.logging.impl.SimpleLog.error(SimpleLog.java:525)
at org.apache.bsf.BSFManager.loadScriptingEngine(BSFManager.java:717)
...
The fix is to hide the field from reflection instead of simply
preventing it to be set as accessible.
best regards,
-- daniel
