JEE applications should not "getClassLoader", Use "Thread.currentThread().getContextClassLoader()" instead

Nouha_HAMMAMI · January 27, 2020, 9:22am

SonarQube version 8.1
Java 1.8

I’m using getClassLoader to get the the class loader that loaded the class, this is my methode

   public static ClassLoader getClassLoader(Class aClass){
        return aClass.getClassLoader();
        }

and i’m using it like that :
Bundle val = in.readBundle(ClassUtil.getClassLoader(MessageRequest.class));

but i got a bug from sonarQube :

Using the standard getClassLoader() may not return the right class loader in a JEE context. Instead, go through the currentThread

But i’m sure that i will get the right class loader, is this a false warning ? or i should use “Thread.currentThread().getContextClassLoader()” instead ?

Lena · January 28, 2020, 1:27pm

Hi,

This rule is not in default profile, so if you activated it for your project I assume it makes sense for your project. Still if you think that your particular usage is safe (we can’t tell you) you can “won’t fix” the issue in SQ UI.

You can check some more details on this topic here https://stackoverflow.com/questions/34787419/pmd-rule-use-proper-class-loader-explaination