Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How let Policy override ProtectionDomains added by a classloader?  RSS feed

Robert Paris
Ranch Hand
Posts: 585
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wrote a little test where I have my Policy grant code in Test.jar only permission to read files, no writing. Then I had a custom ClassLoader load that class and set its protectiondomain to include permission to write a file. The class then attempted to write a file and it passed. When that same class was loaded by a non-custom classloader, it did not pass but threw an exception (just wanted to be sure the test was correct).
To me, this violates the administrator's understanding of what the security policy will be for the JVM. It SHOULD be only what is in my Policy. Does anyone know if there is a way to give the Policy final say? To "nullify" any ProtectionDomains added by a ClassLoader?
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!