Does anyone rely on static ProtectionDomain's?
new ProtectionDomain(codeSource, permissions)
Static domains do not consult the Policy, ever.
Does anyone rely on a ProtectionDomain that doesn't consult the
installed policy for security decisions?
Regards,
Peter.
This relates to my other post about a non blocking policy.
Basically the two argument constructor was designed around applets and
granting permission to code, not subjects, the access decisions were
made at ProtectionDomain construction time , the policy is never consulted.
Inside Java 2