Defensively use Class.forName instead of ClassLoader.loadClass

Issue: SPR-17333

Author: jhoeller

spring-core/src/main/java/org/springframework/util/ClassUtils.java

@@ -272,15 +272,15 @@ public static Class<?> forName(String name, @Nullable ClassLoader classLoader)
 			clToUse = getDefaultClassLoader();
 		}
 		try {
-			return (clToUse != null ? clToUse.loadClass(name) : Class.forName(name));
+			return Class.forName(name, false, clToUse);
 		}
 		catch (ClassNotFoundException ex) {
 			int lastDotIndex = name.lastIndexOf(PACKAGE_SEPARATOR);
 			if (lastDotIndex != -1) {
 				String innerClassName =
 						name.substring(0, lastDotIndex) + INNER_CLASS_SEPARATOR + name.substring(lastDotIndex + 1);
 				try {
-					return (clToUse != null ? clToUse.loadClass(innerClassName) : Class.forName(innerClassName));
+					return Class.forName(innerClassName, false, clToUse);
 				}
 				catch (ClassNotFoundException ex2) {
 					// Swallow - let original exception get through

spring-jcl/src/main/java/org/apache/commons/logging/LogAdapter.java

@@ -42,19 +42,19 @@ final class LogAdapter {
 		ClassLoader cl = LogAdapter.class.getClassLoader();
 		try {
 			// Try Log4j 2.x API
-			cl.loadClass("org.apache.logging.log4j.spi.ExtendedLogger");
+			Class.forName("org.apache.logging.log4j.spi.ExtendedLogger", false, cl);
 			logApi = LogApi.LOG4J;
 		}
 		catch (ClassNotFoundException ex1) {
 			try {
 				// Try SLF4J 1.7 SPI
-				cl.loadClass("org.slf4j.spi.LocationAwareLogger");
+				Class.forName("org.slf4j.spi.LocationAwareLogger", false, cl);
 				logApi = LogApi.SLF4J_LAL;
 			}
 			catch (ClassNotFoundException ex2) {
 				try {
 					// Try SLF4J 1.7 API
-					cl.loadClass("org.slf4j.Logger");
+					Class.forName("org.slf4j.Logger", false, cl);
 					logApi = LogApi.SLF4J;
 				}
 				catch (ClassNotFoundException ex3) {