On Thu, 14 Nov 2024 10:44:03 GMT, Jaikiran Pai <j...@openjdk.org> wrote:
>> Remove the code for the now defunct SecurityManager execution mode from
>> ClassLoader and the built-in class loader implementations. The override of
>> getPermissions is removed from the application class loader, and from the
>> class loaders used to support module layers.
>>
>> URLCassLoader (and its implementation URLClassPath) will be handled
>> separately as there are spec changes required, and code in URLClassPath that
>> requires special attention.
>
> src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java line
> 296:
>
>> 294: }
>> 295: } else {
>> 296: URL url = findResource(name);
>
> Hello Alan, before the change in this PR, when the module name `mn` was
> `null`, we used to call `findResource(mn, name)` (on previously line number
> 298). The `findResource(String, String)` would then effectively end up
> calling `findResourceOnClassPath(name)` without doing anything more.
>
> With this change, we now call `findResource(String)` when module name is
> `null`. The implementation of `findResource(String)` has additional code
> which does resource's package name to module mapping and few other things
> before it can decide whether `findResourceOnClassPath(String)` needs to be
> called for this resource name.
>
> Should the change on this line instead have been `findResource(null, name)`?
The change was deliberate but you are right that when we know we are looking
for a resource on the class path that it would be better to stick with
findResource(null, name).
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22097#discussion_r1842021462
