diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java index 6330b9c28aa..3e8cb71a5a4 100644 --- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java +++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/ObjectInputStreamWithLoader.java @@ -30,7 +30,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.ObjectInputStream; import java.io.ObjectStreamClass; -import java.io.StreamCorruptedException; +import sun.reflect.misc.ReflectUtil; /** * This class deserializes an object in the context of a specific class loader. @@ -61,6 +61,7 @@ class ObjectInputStreamWithLoader extends ObjectInputStream { return super.resolveClass(aClass); } else { String name = aClass.getName(); + ReflectUtil.checkPackageAccess(name); // Query the class loader ... return Class.forName(name, false, loader); } diff --git a/jdk/src/share/classes/javax/management/MBeanServerFactory.java b/jdk/src/share/classes/javax/management/MBeanServerFactory.java index d6f133a0b6b..1e0ad2fb9c1 100644 --- a/jdk/src/share/classes/javax/management/MBeanServerFactory.java +++ b/jdk/src/share/classes/javax/management/MBeanServerFactory.java @@ -34,6 +34,7 @@ import java.security.Permission; import java.util.ArrayList; import java.util.logging.Level; import javax.management.loading.ClassLoaderRepository; +import sun.reflect.misc.ReflectUtil; /** @@ -446,7 +447,7 @@ public class MBeanServerFactory { } // No context class loader? Try with Class.forName() - return Class.forName(builderClassName); + return ReflectUtil.forName(builderClassName); } /** diff --git a/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java b/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java index b3a4558d4b2..53e6754e6ed 100644 --- a/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java +++ b/jdk/src/share/classes/javax/management/remote/rmi/RMIConnector.java @@ -103,6 +103,7 @@ import javax.naming.InitialContext; import javax.naming.NamingException; import javax.rmi.ssl.SslRMIClientSocketFactory; import javax.security.auth.Subject; +import sun.reflect.misc.ReflectUtil; import sun.rmi.server.UnicastRef2; import sun.rmi.transport.LiveRef; @@ -2002,7 +2003,9 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable @Override protected Class resolveClass(ObjectStreamClass classDesc) throws IOException, ClassNotFoundException { - return Class.forName(classDesc.getName(), false, loader); + String name = classDesc.getName(); + ReflectUtil.checkPackageAccess(name); + return Class.forName(name, false, loader); } private final ClassLoader loader;