Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 263779

Summary:

JDT should issue warning or error for package "java"

Product:

[Eclipse Project] JDT

Reporter:

John Vandenbroek <vanbroek>

Component:

Core

Assignee:

JDT-Core-Inbox <jdt-core-inbox>

Status:

CLOSED WONTFIX

QA Contact:

Severity:

normal

Priority:

CC:

rkleung, stephan.herrmann

Version:

3.4

Target Milestone:

---

Hardware:

OS:

Windows XP

Whiteboard:

stalebug

Attachments:

Description	Flags
Contains classes showing failures	none

Description John Vandenbroek

2009-02-05 08:23:42 EST

Created attachment 124797 [details]
Contains classes showing failures

Build ID: 3.4.0 - I20080617-2000

Steps To Reproduce:


More information:

Both the Sun JRE and the IBM JRE cannot load classes which reside in package "java".  The JDT should issue an error message when:

1) The user creates a package named "java",
2) A Java class resides in package "java".  This class may have been created
   on the user's behalf by a generation tool.

I have provided an attachment JAR which contains three classes:

1) java.JavaTest - which issues the following error when I invoke its main()
   method:

	Exception in thread "main" java.lang.NoClassDefFoundError: java.JavaTest
	Caused by: java.lang.ClassNotFoundException: java.JavaTest
	        at java.net.URLClassLoader.findClass(URLClassLoader.java:419)
	        at java.lang.ClassLoader.loadClass(ClassLoader.java:643)
	        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:300)
	        at java.lang.ClassLoader.loadClass(ClassLoader.java:609)

2) test.JavaTestClient - which has a main() method which tries to create an
   instance of class java.JavaTest.  When I call its main() method the
   following error is issued:

	Running JavaTestClient.main()
	Exception in thread "main" java.lang.SecurityException: java.JavaClass - protected system package 'java'
	        at java.lang.ClassLoader.checkClassName(ClassLoader.java:211)
	        at java.lang.ClassLoader.defineClass(ClassLoader.java:253)
	        at java.security.SecureClassLoader.defineClass(Unknown Source)
	        at java.net.URLClassLoader.defineClass(URLClassLoader.java:493)
	        at java.net.URLClassLoader.access$300(URLClassLoader.java:64)
	        at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java:892)
	        at java.security.AccessController.doPrivileged(AccessController.java:284)
	        at java.net.URLClassLoader.findClass(URLClassLoader.java:414)
	        at java.lang.ClassLoader.loadClass(ClassLoader.java:643)
	        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:300)
	        at java.lang.ClassLoader.loadClass(ClassLoader.java:609)
	        at other.JavaTestClient.main(JavaTestClient.java:8)

3) other.OtherTest - which has a main() method which does not interact with
   class java.JavaTest.  This main() method runs without an error.

The following web page addresses this restriction:  

   http://www.mail-archive.com/java-linux@java.blackdown.org/msg15876.html

Here is an excerpt:

>> <AFAIK>
>> java, javax, and sun are among the package names reserved for the virtual
>> machine.  In order to prevent a trojan horse attack, users cannot add or
>> detract from these namespaces.
>> </AFAIK>

I assume "AFAIK" means "as far as I know", which means that this statement isn't definite.  But, taken in light of the above evidence, I'm inclined to believe the statement is true.

Comment 1 Eclipse Genie

2020-04-14 20:04:39 EDT

This bug hasn't had any activity in quite some time. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're closing this bug.

If you have further information on the current state of the bug, please add it and reopen this bug. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

--
The automated Eclipse Genie.

Comment 2 Stephan Herrmann

2020-04-15 17:17:43 EDT

post mortem: sorry, apparently this escaped everybody's attention.

For reference, javac does not report anything in this case.

Moving forward, similar rules are enforced by JPMS (which ecj implements).