Re: RFR: 8330005: RandomGeneratorFactory.getDefault() throws exception when the runtime image only has java.base module [v6]

[Raffaello Giulietti]

On Sun, 5 May 2024 05:28:07 GMT, Alan Bateman <al...@openjdk.org> wrote:

>> Raffaello Giulietti has updated the pull request with a new target base due 
>> to a merge or a rebase. The incremental webrev excludes the unrelated 
>> changes brought in by the merge/rebase. The pull request contains seven 
>> additional commits since the last revision:
>> 
>>  - Merge branch 'master' into 8330005
>>  - Restrict RandomGenerator service providers to those loadable by the 
>> platform class loader.
>>  - Typo.
>>  - Added @uses javadoc tag for j.u.r.RandomGenerator in java.base.
>>  - Terminology changes.
>>  - Renamed package jdk.random to jdk.internal.random.
>>  - 8330005: RandomGeneratorFactory.getDefault() throws exception when the 
>> runtime image only has java.base module
>
> src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line 
> 147:
> 
>> 145:             
>> FactoryMapHolder.class.getModule().addUses(RandomGenerator.class);
>> 146:             return ServiceLoader
>> 147:                 .load(RandomGenerator.class, 
>> ClassLoader.getPlatformClassLoader())
> 
> SecurityManager is still a supported execution mode so you'll need to get the 
> platform class loader in a privileged block until the SM feature is removed.

Yes, I considered the interactions with a security manager.

But here the call to `getPlatformClassLoader()` is done from a platform class, 
namely `FactoryMapHolder` itself. According to its documentation, the call 
succeeds in this case because the security manager is not even consulted.

When experimenting with the following code and the default manager, as with 
`-Djava.security.manager=default`, no exceptions are thrown, neither with the 
full JDK nor with the minimal image that just includes `java.base`. There's 
only a warning about future removal of `SecurityManager`, as expected from JEP 
411.


import java.util.random.*;

public class Foo {
    public static void main(final String[] args) throws Exception {
        RandomGeneratorFactory.all().forEach(g -> System.out.println(g.name()));
        final RandomGeneratorFactory<RandomGenerator> rgf = 
RandomGeneratorFactory.getDefault();
        System.out.println("Got " + rgf);
    }
}


But if the call to `getPlatformClassLoader()` is done directly from an app 
loaded by the system class loader, then an exception is thrown when the default 
security manager is active.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18932#discussion_r1590295056