Security Check in Classloader.

Jean-Francois Arcand Wed, 23 Oct 2002 12:20:23 -0700

Hi,

In StandardClassLoader, starting line 815, the SecurityManager is invoked:

// (.5) Permission to access this class when using a SecurityManager
if (securityManager != null) {
int i = name.lastIndexOf('.');
if (i >= 0) {
try {
securityManager.checkPackageAccess(name.substring(0,i));
} catch (SecurityException se) {
String error = "Security Violation, attempt to use " +
"Restricted Class: " + name;
System.out.println(error);
se.printStackTrace();
log(error);
throw new ClassNotFoundException(error);
}
}
}

Why are we calling the SecurityManager.checkPackageAccess in StandardClassLoader? Since we give all permissions to org.apache.catalina, I think this call is useless. This call is required when invoked inside WebappClassLoader.

Thanks,

-- Jeanfrancois

--
To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>

Security Check in Classloader.

Reply via email to