On Feb 7, 2007, at 7:56 AM, Tim Ellison wrote:
protected synchronized Class<?> loadClass(String className,
boolean resolveClass) throws ClassNotFoundException {
if (this == getSystemClassLoader()) {
int index = className.lastIndexOf('.');
String pkgName = index > 0 ? className.substring(0,
index) : "";
System.out.println("Checking visibility for " + pkgName);
if (!pkgName.startsWith("java.") && !pkgName.startsWith
("javax.")
&& !pkgName.startsWith("org.ietf.jgss")
&& !pkgName.startsWith("org.omg")
&& !pkgName.startsWith("org.w3c.dom")
&& !pkgName.startsWith("org.xml.sax")) {
throw new ClassNotFoundException(className);
}
}
return super.loadClass(className, resolveClass);
}
Revealing my ignorance about java classloading :
Why wouldn't we need to care about the caller? (This is what had me
going into the VM first...) What if loadClass() is getting called by
an implementation class, which does need access to the internal
packages that are prohibited for app classes?
geir
