src/java.desktop/share/classes/sun/applet/AppletSecurity.java

rev 15908 : 8165271: Fix use of reflection to gain access to private fields
Reviewed-by:

@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.  Oracle designates this

@@ -38,40 +38,29 @@
 import java.util.Iterator;
 import java.util.HashSet;
 import java.util.StringTokenizer;
 import java.security.*;
 import java.lang.reflect.*;
+import jdk.internal.misc.JavaNetUrlClassLoaderAccess;
+import jdk.internal.misc.JavaSecurityAccess;
+import jdk.internal.misc.SharedSecrets;
 import sun.awt.AWTSecurityManager;
 import sun.awt.AppContext;
 import sun.awt.AWTPermissions;
 import sun.security.util.SecurityConstants;
 
 
+
 /**
  * This class defines an applet security policy
  *
  */
 public
 class AppletSecurity extends AWTSecurityManager {
-
-    //URLClassLoader.acc
-    private static Field facc = null;
-
-    //AccessControlContext.context;
-    private static Field fcontext = null;
-
-    static {
-        try {
-            facc = URLClassLoader.class.getDeclaredField("acc");
-            facc.setAccessible(true);
-            fcontext = AccessControlContext.class.getDeclaredField("context");
-            fcontext.setAccessible(true);
-        } catch (NoSuchFieldException e) {
-            throw new UnsupportedOperationException(e);
-        }
-    }
-
+    private static final JavaNetUrlClassLoaderAccess JNUCLA
+            = SharedSecrets.getJavaNetUrlClassLoaderAccess();
+    private static final JavaSecurityAccess JSA = SharedSecrets.getJavaSecurityAccess();
 
     /**
      * Construct and initialize.
      */
     public AppletSecurity() {

@@ -146,24 +135,25 @@
          */
         for (int i = 0; i < context.length; i++) {
             final ClassLoader currentLoader = context[i].getClassLoader();
 
             if (currentLoader instanceof URLClassLoader) {
+                URLClassLoader ld = (URLClassLoader)currentLoader;
                 loader = AccessController.doPrivileged(
                     new PrivilegedAction<ClassLoader>() {
                         public ClassLoader run() {
 
                             AccessControlContext acc = null;
                             ProtectionDomain[] pds = null;
 
                             try {
-                                acc = (AccessControlContext) facc.get(currentLoader);
+                                acc = JNUCLA.getAccessControlContext(ld);
                                 if (acc == null) {
                                     return null;
                                 }
 
-                                pds = (ProtectionDomain[]) fcontext.get(acc);
+                                pds = JSA.getProtectDomains(acc);
                                 if (pds == null) {
                                     return null;
                                 }
                             } catch (Exception e) {
                                 throw new UnsupportedOperationException(e);