Following my previous email attached below, I have understood more about the
new Security features.
1) Is it correct to say that for the problem that I am trying to solve
below, I can just run my application with the default SecurityManager (that
means I don't have to write my own SecurityManager), grant permissions to
c:\myapp and use URLClassLoader to load MyGame from c:\mygame. Since I did
not explicitly give any permission to c:\mygame in my security file, the
class MyGame will have some default limitations. Is this correct?
2) Now the next question becomes what are the default/implicit restrictions
imposed and privileges granted by the default SecurityManager? What should
I explicitly grant and restrict?
3) I need to give my application all accesses just like running it without
any SecurityManager and the classes that it loads should not be able to do:
a) access all files on the local file system
b) exit the virtual machine
Is it possible for you to give me a sample security file that will do the above?
The security file must contain only a reference to c:\myapp but not c:\mygame
because my application will load classes from potentially many other
directories at runtime based on users' requests which cannot be determined
beforehand and specified statically in the security file. This is my
dilemma. I am thinking of setting 3a and 3b as the default restrictions for
all code and then explicitly granting them to c:\myapp. Is this the correct
approach, and what would the security file look like?
4) The constructor of URLClassLoader takes an array of URL as argument.
However, I cannot find the syntax for specifying local URL. Is it
"file:/c:/mygame" for Windows and "file:/home/tony/mygame" for UNIX?
---------------------------------------------------
My previous message below:
---------------------------------------------------
My application creates my own subclass of ClassLoader to load and run Java
classes at runtime. My application classes are loaded by the JVM from
c:\myapp and my application in turn uses my own ClassLoader to load MyGame
from c:\mygame.
1) I want to run my application without any SecurityManager. Can I impose
security restrictions programmatically for classes such as MyGame loaded by
my own ClassLoader?
2) If I run my application with a SecurityManager and grant c:\myapp full
access, what will be the security restrictions for classes such as MyGame
loaded by my own ClassLoader? Is it correct to assume that since the JVM
does not know that MyGame indeed comes from c:\mygame, the MyGame class will
inherit the security privileges of my application (including my own
ClassLoader which is loaded from c:\myapp), which is full access?
3) In summary, could you please let me know how to create a sandbox of
security restrictions for classes loaded by my own ClassLoader?
Please help.
Regards,
Tony
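An added example (not part of Tony's mail or of any reply on this thread) of the arrangement asked about in questions 1, 3 and 4: the stock SecurityManager, a policy file that names only c:\myapp, and a URLClassLoader built from a local file: URL, plus the stack-walk caveat that decides whether MyGame can reuse the application's rights. The policy file name myapp.policy, the Sandbox class and MyGame implementing Runnable are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Policy file (assumed name myapp.policy): only c:\myapp is named, so code
// loaded from any other directory keeps the JDK's built-in defaults, which
// include neither java.io.FilePermission nor RuntimePermission "exitVM".
//
//   grant codeBase "file:/c:/myapp/-" {
//       permission java.security.AllPermission;
//   };
//
// Run with the default SecurityManager (no subclass needed):
//   java -Djava.security.manager -Djava.security.policy=myapp.policy -cp c:\myapp Sandbox c:\mygame MyGame
// JDK 17 deprecated the SecurityManager for removal and JDK 24 disabled it
// permanently, so this applies to earlier releases only.
public class Sandbox {
    public static void main(String[] args) throws Exception {
        File dir = new File(args[0]);   // c:\mygame on Windows, /home/tony/mygame on UNIX
        // File.toURI().toURL() gives the right "file:" form on either OS
        // ("file:/c:/mygame/" or "file:/home/tony/mygame/"); for an existing
        // directory it adds the trailing slash that tells URLClassLoader this is
        // a directory rather than a jar.
        URL[] urls = { dir.toURI().toURL() };
        ClassLoader loader = new URLClassLoader(urls, Sandbox.class.getClassLoader());
        // The loaded class gets a ProtectionDomain whose CodeSource is c:\mygame,
        // so the policy grants it only the defaults: opening c:\secret.txt or
        // calling System.exit() inside run() throws SecurityException.
        Class<?> game = loader.loadClass(args[1]);   // assumes MyGame implements Runnable
        ((Runnable) game.getDeclaredConstructor().newInstance()).run();
    }
    // Caveat: checks walk the entire call stack, so when MyGame calls back into
    // application code, that code runs with MyGame's restrictions too.  Where the
    // application legitimately needs its own full rights inside such a callback it
    // wraps only that fixed action in doPrivileged (never a caller-supplied path).
    static String readConfig() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                try {
                    return new String(Files.readAllBytes(new File("c:\\myapp\\app.cfg").toPath()));
                } catch (IOException e) {
                    return null;
                }
            }
        });
    }
}
```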