What happens if you set your classloader to be the current thread's
context class loader?
--
dIon Gillard, Multitask Consulting
Blog: http://blogs.codehaus.org/people/dion/
"Daryl Stultz" <[EMAIL PROTECTED]> wrote on 13/09/2003 06:54:18 AM:
> Hi folks,
>
> Suppose I build a SOAP service that runs Jelly scripts (i.e. the client
> calls the service/method and passes in the Jelly script to be executed).
I
> want the client to be able to use core Jelly tags but I don't want them
to
> do things like:
>
> <j:new className="my.choice.of.destructive.Classes" action="deleteStuff"
/>
>
> How can I control the environment / class access?
>
> I tried this:
>
> context.setClassLoader(new MyLoader());
>
> with the loader class like so to filter out classes I want to allow:
>
> public class MyLoader extends ClassLoader {
> public Class loadClass(String name) throws ClassNotFoundException {
> System.out.println("loading class = " + name);
> if (name.startsWith("org.apache.commons.jelly.tags.")) return
> super.loadClass(name);
> else throw new ClassNotFoundException("Class not authorized");
> }
> }
>
> but the only classes this loader loads are:
>
> org.apache.commons.jelly.tags.define.DefineTagLibrary
> org.apache.commons.jelly.tags.core.CoreTagLibrary
>
> Any ideas?
>
> Thanks.
>
> Daryl Stultz
> _____________________________________
> 6 Degrees Software and Consulting, Inc.
> http://www.6degrees.com
> mailto:[EMAIL PROTECTED]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
