I have a signed applet that serves as a front-loader that will load code from a user provided jar. My applet is signed as it needs to interface with native libraries, but I want the user provided jar to be sandboxed. I looked at the Security Manager and it seems you can apply restrictions to a particular package although I will have no control over their naming so that doesn't work. This document (
http://java.sun.com/developer/TechTips/2000/tt0926.html) indicated that it was possible, though difficult, to get information about the source of certain classes via the URLClassLoader which I assume would be used when loading my applet files. My biggest question is, can a Security Manager installed by my signed applet restrict the permissions for code loaded from an unsinged (or signed with a different certificate) jar file, and if so, where would I look for information on this?
David Koontz