--- a/jdk/src/java.rmi/share/classes/sun/rmi/transport/Transport.java	Wed Oct 08 19:13:57 2014 +0800
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/transport/Transport.java	Wed Oct 15 15:41:50 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,10 @@
 import java.rmi.server.RemoteServer;
 import java.rmi.server.ServerNotActiveException;
 import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.Permissions;
 import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 import sun.rmi.runtime.Log;
 import sun.rmi.server.Dispatcher;
 import sun.rmi.server.UnicastServerRef;
@@ -69,6 +72,15 @@
     /** ObjID for DGCImpl */
     private static final ObjID dgcID = new ObjID(ObjID.DGC_ID);
 
+    /** AccessControlContext for setting context ClassLoader */
+    private static final AccessControlContext SETCCL_ACC;
+    static {
+        Permissions perms = new Permissions();
+        perms.add(new RuntimePermission("setContextClassLoader"));
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        SETCCL_ACC = new AccessControlContext(pd);
+    }
+
     /**
      * Returns a <I>Channel</I> that generates connections to the
      * endpoint <I>ep</I>. A Channel is an object that creates and
@@ -118,6 +130,16 @@
     protected abstract void checkAcceptPermission(AccessControlContext acc);
 
     /**
+     * Sets the context class loader for the current thread.
+     */
+    private static void setContextClassLoader(ClassLoader ccl) {
+        AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
+                Thread.currentThread().setContextClassLoader(ccl);
+                return null;
+            }, SETCCL_ACC);
+    }
+
+    /**
      * Service an incoming remote call. When a message arrives on the
      * connection indicating the beginning of a remote call, the
      * threads are required to call the <I>serviceCall</I> method of
@@ -165,11 +187,10 @@
                     target.getAccessControlContext();
                 ClassLoader ccl = target.getContextClassLoader();
 
-                Thread t = Thread.currentThread();
-                ClassLoader savedCcl = t.getContextClassLoader();
+                ClassLoader savedCcl = Thread.currentThread().getContextClassLoader();
 
                 try {
-                    t.setContextClassLoader(ccl);
+                    setContextClassLoader(ccl);
                     currentTransport.set(this);
                     try {
                         java.security.AccessController.doPrivileged(
@@ -184,7 +205,7 @@
                         throw (IOException) pae.getException();
                     }
                 } finally {
-                    t.setContextClassLoader(savedCcl);
+                    setContextClassLoader(savedCcl);
                     currentTransport.set(null);
                 }
 

--- a/jdk/src/java.rmi/share/classes/sun/rmi/transport/tcp/TCPTransport.java	Wed Oct 08 19:13:57 2014 +0800
+++ b/jdk/src/java.rmi/share/classes/sun/rmi/transport/tcp/TCPTransport.java	Wed Oct 15 15:41:50 2014 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,9 @@
 import java.rmi.server.UID;
 import java.security.AccessControlContext;
 import java.security.AccessController;
+import java.security.Permissions;
 import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
@@ -120,6 +122,14 @@
     private static final ThreadLocal<ConnectionHandler>
         threadConnectionHandler = new ThreadLocal<>();
 
+    /** an AccessControlContext with no permissions */
+    private static final AccessControlContext NOPERMS_ACC;
+    static {
+        Permissions perms = new Permissions();
+        ProtectionDomain[] pd = { new ProtectionDomain(null, perms) };
+        NOPERMS_ACC = new AccessControlContext(pd);
+    }
+
     /** endpoints for this transport */
     private final LinkedList<TCPEndpoint> epList;
     /** number of objects exported on this transport */
@@ -658,16 +668,19 @@
         }
 
         public void run() {
-            Thread t = Thread.currentThread();
-            String name = t.getName();
-            try {
-                t.setName("RMI TCP Connection(" +
-                          connectionCount.incrementAndGet() +
-                          ")-" + remoteHost);
-                run0();
-            } finally {
-                t.setName(name);
-            }
+            AccessController.doPrivileged((PrivilegedAction<Void>)() -> {
+                    Thread t = Thread.currentThread();
+                    String name = t.getName();
+                    try {
+                        t.setName("RMI TCP Connection(" +
+                                  connectionCount.incrementAndGet() +
+                                  ")-" + remoteHost);
+                        run0();
+                    } finally {
+                        t.setName(name);
+                    }
+                    return null;
+                }, NOPERMS_ACC);
         }
 
         private void run0() {