On Sun, 5 May 2024 05:28:07 GMT, Alan Bateman <al...@openjdk.org> wrote:
>> Raffaello Giulietti has updated the pull request with a new target base due >> to a merge or a rebase. The incremental webrev excludes the unrelated >> changes brought in by the merge/rebase. The pull request contains seven >> additional commits since the last revision: >> >> - Merge branch 'master' into 8330005 >> - Restrict RandomGenerator service providers to those loadable by the >> platform class loader. >> - Typo. >> - Added @uses javadoc tag for j.u.r.RandomGenerator in java.base. >> - Terminology changes. >> - Renamed package jdk.random to jdk.internal.random. >> - 8330005: RandomGeneratorFactory.getDefault() throws exception when the >> runtime image only has java.base module > > src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line > 147: > >> 145: >> FactoryMapHolder.class.getModule().addUses(RandomGenerator.class); >> 146: return ServiceLoader >> 147: .load(RandomGenerator.class, >> ClassLoader.getPlatformClassLoader()) > > SecurityManager is still a supported execution mode so you'll need to get the > platform class loader in a privileged block until the SM feature is removed. Yes, I considered the interactions with a security manager. But here the call to `getPlatformClassLoader()` is done from a platform class, namely `FactoryMapHolder` itself. According to its documentation, the call succeeds in this case because the security manager is not even consulted. When experimenting with the following code and the default manager, as with `-Djava.security.manager=default`, no exceptions are thrown, neither with the full JDK nor with the minimal image that just includes `java.base`. There's only a warning about future removal of `SecurityManager`, as expected from JEP 411. import java.util.random.*; public class Foo { public static void main(final String[] args) throws Exception { RandomGeneratorFactory.all().forEach(g -> System.out.println(g.name())); final RandomGeneratorFactory<RandomGenerator> rgf = RandomGeneratorFactory.getDefault(); System.out.println("Got " + rgf); } } But if the call to `getPlatformClassLoader()` is done directly from an app loaded by the system class loader, then an exception is thrown when the default security manager is active. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/18932#discussion_r1590295056