JEE applications should not "getClassLoader", Use "Thread.currentThread().getContextClassLoader()" instead

SonarQube version 8.1
Java 1.8

I’m using getClassLoader to get the the class loader that loaded the class, this is my methode

   public static ClassLoader getClassLoader(Class aClass){
        return aClass.getClassLoader();

and i’m using it like that :
Bundle val = in.readBundle(ClassUtil.getClassLoader(MessageRequest.class));

but i got a bug from sonarQube :

Using the standard getClassLoader() may not return the right class loader in a JEE context. Instead, go through the currentThread

But i’m sure that i will get the right class loader, is this a false warning ? or i should use “Thread.currentThread().getContextClassLoader()” instead ?


This rule is not in default profile, so if you activated it for your project I assume it makes sense for your project. Still if you think that your particular usage is safe (we can’t tell you) you can “won’t fix” the issue in SQ UI.

You can check some more details on this topic here