gaarason · simei2k · May 18, 2025
diff --git a/database-logging/src/main/java/gaarason/database/logging/Resources.java b/database-logging/src/main/java/gaarason/database/logging/Resources.java
@@ -1,4 +1,6 @@
 package gaarason.database.logging;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 
 /**
@@ -47,10 +49,28 @@ public static Class<?> classForName(String className) throws ClassNotFoundExcept
     }
 
     private static ClassLoader getClassLoader() {
+        // Keep original behavior if default class loader is set
         if (defaultClassLoader != null) {
             return defaultClassLoader;
-        } else {
+        }
+
+        // Check if security manager is present (optimization from fixed code)
+        if (System.getSecurityManager() == null) {
+            // Fast path when no security manager exists
             return Thread.currentThread().getContextClassLoader();
+        } else {
+            // Use doPrivileged when security manager is active
+            return AccessController.doPrivileged((PrivilegedAction<ClassLoader>) () -> {
+                try {
+                    return Thread.currentThread().getContextClassLoader();
+                } catch (SecurityException ex) {
+                    // Log exception but don't expose stack trace
+                    // Using System.err since we don't want to assume logger availability
+                    System.err.println("SecurityException: Unable to access thread context class loader");
+                    // Return null on failure, maintaining original behavior on exception
+                    return null;
+                }
+            });
         }
     }