5.4. Getting Past Security to the Loader You Need
In the situations discussed so far, only two levels of trust are involved in class loading. Trusted code launches the process and chooses security settings, and then it instantiates class loaders to load less trusted code. Less trusted code may have a greater or lesser degree of permissions, but it will almost never have permission to create a ClassLoader instance. If it did, it might lie about the ProtectionDomain of classes that it loaded, thereby subverting the security model.
To give your less-trusted code the ability to use class loaders, authors of trusted code (such as J2EE containers) need to provide a callback mechanism whereby you can request a specific class loader. The trusted code ...
Get Component Development for the Java™ Platform now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
