diff --git a/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java b/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java
index 1c998a08125..b1f5ab2eb65 100644
--- a/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java
+++ b/jdk/src/share/classes/com/sun/jmx/interceptor/DefaultMBeanServerInterceptor.java
@@ -1973,8 +1973,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
          * does not add it to the list that is consulted by
          * ClassLoaderRepository.loadClass.
          */
-        final ModifiableClassLoaderRepository clr =
-                instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
         if (clr == null) {
             final RuntimeException wrapped =
                     new IllegalArgumentException(
@@ -2000,8 +1999,7 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
          * Removes the  MBean from the default loader repository.
          */
         if (loader != server.getClass().getClassLoader()) {
-            final ModifiableClassLoaderRepository clr =
-                    instantiator.getClassLoaderRepository();
+            final ModifiableClassLoaderRepository clr = getInstantiatorCLR();
             if (clr != null) {
                 clr.removeClassLoader(logicalName);
             }
@@ -2060,5 +2058,12 @@ public class DefaultMBeanServerInterceptor implements MBeanServerInterceptor {
         return ResourceContext.NONE;
     }
 
-
+    private ModifiableClassLoaderRepository getInstantiatorCLR() {
+        return AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator != null ? instantiator.getClassLoaderRepository() : null;
+            }
+        });
+    }
 }
diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
index 69228b766c0..6a3e770d4a5 100644
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java
@@ -32,6 +32,7 @@ import static com.sun.jmx.defaults.JmxProperties.MBEANSERVER_LOGGER;
 import java.io.ObjectInputStream;
 import java.security.AccessController;
 import java.security.Permission;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.List;
 import java.util.Set;
@@ -227,8 +228,16 @@ public final class JmxMBeanServer
                 clr = new ClassLoaderRepositorySupport();
             instantiator = new MBeanInstantiator(clr);
         }
+
+        final MBeanInstantiator fInstantiator = instantiator;
         this.secureClr = new
-          SecureClassLoaderRepository(instantiator.getClassLoaderRepository());
+            SecureClassLoaderRepository(AccessController.doPrivileged(new PrivilegedAction<ClassLoaderRepository>() {
+                @Override
+                public ClassLoaderRepository run() {
+                    return fInstantiator.getClassLoaderRepository();
+                }
+            })
+        );
         if (delegate == null)
             delegate = new MBeanServerDelegateImpl();
         if (outer == null)
@@ -1242,8 +1251,14 @@ public final class JmxMBeanServer
            class loader.  The ClassLoaderRepository knows how
            to handle that case.  */
         ClassLoader myLoader = outerShell.getClass().getClassLoader();
-        final ModifiableClassLoaderRepository loaders =
-            instantiator.getClassLoaderRepository();
+        final ModifiableClassLoaderRepository loaders = AccessController.doPrivileged(new PrivilegedAction<ModifiableClassLoaderRepository>() {
+
+            @Override
+            public ModifiableClassLoaderRepository run() {
+                return instantiator.getClassLoaderRepository();
+            }
+        });
+
         if (loaders != null) {
             loaders.addClassLoader(myLoader);
 
diff --git a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
index 1adb4dd9373..6e7bb89f921 100644
--- a/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
+++ b/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java
@@ -622,6 +622,7 @@ public class MBeanInstantiator {
      * Return the Default Loader Repository used by this instantiator object.
      **/
     public ModifiableClassLoaderRepository getClassLoaderRepository() {
+        checkMBeanPermission((String)null, null, null, "getClassLoaderRepository");
         return clr;
     }
 
@@ -733,9 +734,19 @@ public class MBeanInstantiator {
                                              String member,
                                              ObjectName objectName,
                                              String actions) {
+        if (clazz != null) {
+            checkMBeanPermission(clazz.getName(), member, objectName, actions);
+        }
+    }
+
+    private static void checkMBeanPermission(String classname,
+                                             String member,
+                                             ObjectName objectName,
+                                             String actions)
+        throws SecurityException {
         SecurityManager sm = System.getSecurityManager();
-        if (clazz != null && sm != null) {
-            Permission perm = new MBeanPermission(clazz.getName(),
+        if (sm != null) {
+            Permission perm = new MBeanPermission(classname,
                                                   member,
                                                   objectName,
                                                   actions);