This fix for #25538 has shown that we could really do with refactoring JarFile and supporting classes. We ideally shouldn't need to behave differently just because a SecurityManager is installed.
Comment From: dreis2211
If I may add to this: https://openjdk.java.net/jeps/411 is deprecating the SecurityManager for removal.
Comment From: philwebb
Ahh yes, thanks @dreis2211. It'll be interesting to see if we can support older and newer JDKs at the same time.
Comment From: onlyGuo
I think I might have a similar problem, but I'm not sure if it has anything to do with this. I saved a snapshot with jmap: https://github.com/onlyGuo/other/raw/master/huanbao.zip
Comment From: wilkinsona
The nested jar rewrite in 3.2 has taken care of this.