RFR - 8065552: setAccessible(true) on fields of Class may throw a SecurityException

Daniel Fuchs daniel.fuchs at oracle.com
Mon Dec 1 16:29:36 UTC 2014


Please find below a patch for:

8065552: setAccessible(true) on fields of Class may throw
          a SecurityException


Description of the problem:

The following test case passes on 8u20 but fails on 8u40 and above:

  public class Test {
      public static void main(String[] args) throws Throwable {
          for (Field f : Class.class.getDeclaredFields()) {

The fix for JDK-6642881 introduced a new private field to Class, named 
"classloader", whose accessibility can never be modified (from the 
default of non-accessible to accessible).

This issue manifests itself in Jython where, when the 
Options.respectJavaAccessibility is false (by default it is true), a 
SecurityException occurs when it tries to setAccessible(true) all 
declared fields on Class:


The SecurityException is lost in the noise of other exceptions as the 
error propagates through the runtime. The observable symptom is
a NullPointerException which occurs when one tries to load the
Jython engine. With 8u40 it fails with exception:

at org.python.core.Py.recursiveIsInstance(Py.java:1861)
at org.python.core.Py.isInstance(Py.java:1828)
at org.python.core.__builtin__.isinstance(__builtin__.java:725)
at org.python.core.Py.displayException(Py.java:1009)
at org.python.core.PyException.printStackTrace(PyException.java:79)
at org.python.core.PyException.toString(PyException.java:98)
at org.apache.commons.logging.impl.SimpleLog.log(SimpleLog.java:329)
at org.apache.commons.logging.impl.SimpleLog.error(SimpleLog.java:525)
at org.apache.bsf.BSFManager.loadScriptingEngine(BSFManager.java:717)

The fix is to hide the field from reflection instead of simply
preventing it to be set as accessible.

best regards,

-- daniel

More information about the core-libs-dev mailing list