>I would disagree with the assessment that getResourceAsStream() relies
>on java.io.FilePermission. If you were to say that, then why shouldn't
>the following cause a permission violation:
>
> new Foo();
> Class.forName("foo.Bar");
Well, Class.forName calls a native method which in turn probably loads
the resource and uses it. The security is not imposed on native code, so
that's probably the reason it works. Or if it uses doPrivileged
properly.
> The classloader should make available the class and resource files under
> its control.
I agree. This would all work so much better if the
URLConnection-handlers used doPrivileged properly.
/Rickard
--
Rickard �berg
@home: +46 13 177937
Email: [EMAIL PROTECTED]
http://www.dreambean.com
Question reality
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
