[11u] RFR(S): 8223326: Regression introduced by CPU sync: java.security.AccessControlException: access denied ("java.net.NetPermission" "setSocketImpl")

Alan Bateman Alan.Bateman at oracle.com
Mon Mar 23 19:51:34 UTC 2020

On 23/03/2020 19:39, Chris Hegarty wrote:
>> On 23 Mar 2020, at 19:18, Alan Bateman <Alan.Bateman at oracle.com 
>> <mailto:Alan.Bateman at oracle.com>> wrote:
>>> ...
>> Socket(SocketImpl) is only specified to do a permission check when 
>> the impl is non-null. The socket adaptor in JDK 12 and older releases 
>> doesn't have a dummy impl so the change should not be needed. If 
>> there is a security exception thrownhere then it suggests something 
>> may be broken elsewhere, do you have a stack trace?
> I suspect that only the ServerSocketAdapter part of the change is 
> needed, since ServerSocket(SocketImpl) does a security check 
> regardless of the value of the given SocketImpl.
The old ServerSocketAdapter implementation pre-dates that protected 
constructor. I don't have cycles to dig into what is going on in the 
update releases but if there is a security exception bring thrown in 
either case then it suggests that something is broken elsewhere.


More information about the core-libs-dev mailing list