This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 256071 - SecurityException: sealing violation
Summary: SecurityException: sealing violation
Alias: None
Product: platform
Classification: Unclassified
Component: Module System (show other bugs)
Version: 8.1
Hardware: All All
: P2 normal (vote)
Assignee: Tomas Hurka
Keywords: JDK_9, NO81
Depends on:
Reported: 2015-10-21 11:21 UTC by Tomas Hurka
Modified: 2015-11-06 02:29 UTC (History)
0 users

See Also:
Issue Type: DEFECT
Exception Reporter: 220674

stacktrace (5.69 KB, text/plain)
2015-10-21 11:21 UTC, Tomas Hurka

Note You need to log in before you can comment on or make changes to this bug.
Description Tomas Hurka 2015-10-21 11:21:42 UTC
Build: NetBeans Dev JDK9 branch (Build 20151021-795746744b4b)
VM: Java HotSpot(TM) 64-Bit Server VM, 1.9.0-ea-jigsaw-nightly-h3477-20150929-b83, Java(TM) SE Runtime Environment, 1.9.0-ea-jigsaw-nightly-h3477-20150929-b83
OS: Mac OS X

User Comments:
thurka: jigsaw, open heapdump, go to OQL console, select sample OQL query - list

java.lang.SecurityException: sealing violation
   at org.netbeans.JarClassLoader.doLoadClass(
   at org.netbeans.ProxyClassLoader.selfLoadClass(
   at org.netbeans.ProxyClassLoader.loadClass(
   at java.lang.ClassLoader.loadClass(
   at org.netbeans.modules.javascript2.editor.JsLanguage.getParser(
   at org.netbeans.modules.csl.core.Language.getParser(
Comment 1 Tomas Hurka 2015-10-21 11:21:44 UTC
Created attachment 156867 [details]
Comment 2 Tomas Hurka 2015-11-05 13:32:22 UTC
Evaluation by jlahoda:
Let us have module, which masks some packages from bootclasspath - in our case libs.nashorn. So in general classes from nashorn can be loaded twice - from bootclasspath and from libs.nashorn module. The first are used in OQL console, second case is from javascript editor infrastructure.
The SecurityException is thrown when nashorn classes are loaded first from bootclasspath. Next when classes are loaded from libs.nashorn module, ProxyClassLoader.loadClass() will correctly try to load class from libs.nashorn jar file instead of delegating to the parent class loader. However getPackageFast(<package>, true)  is invoked during ProxyClassLoader.loadClass() invocation and it (incorrectly) finds package from bootclasspath. This was not a problem, but jigsaw build now has sealed packages and JarClassLoader.doLoadClass() correctly throws 'SecurityException: sealing violation", since one cannot add classes to sealed package from different source.
It looks like ProxyClassLoader.getPackage(Fast) should check shouldDelegateResource and do not return masked packages from parent classloader.
Comment 3 Tomas Hurka 2015-11-05 13:52:57 UTC
Fixed in profiler-main

changeset:   292858:6936edbde396
user:        Tomas Hurka <>
date:        Thu Nov 05 14:50:21 2015 +0100
summary:     bugfix #256071, consult shouldDelegateResource() when delegating to parent classloader (fix contributed by jlahoda)
Comment 4 Quality Engineering 2015-11-06 02:29:25 UTC
Integrated into 'main-silver', will be available in build *201511060002* on (upload may still be in progress)

User: Tomas Hurka <>
Log: bugfix #256071, consult shouldDelegateResource() when delegating to parent classloader (fix contributed by jlahoda)