Date: Mon, 10 Nov 1997 08:21:08 +0100
From: Jeremy Cook <Jeremy.Cook@ii.uib.no>
To: Roland Schemers <Roland.Schemers@Eng>
Subject: Re: Question about JDK 1.2 security packages
Roland,
I have a further question about security, which I hope you can give some
thoughts on. In the Java 1.1 security model, it is only possible to
register a single SecurityManager. This conflicts with the Java Bean
model of re-useable components. I have a Bean with a ClassLoader and
associated SecurityManager (Suns HotJava HTML component falls into the
same catagory). This means that if a SM is already installed, then my
Bean cannot manage security for classes loaded by it's own class loader,
and more often than not, security will be refused where it should not
be. What is needed is a means of allowing multiple levels of security
management, where the SM is associated with the appropriate ClassLoader
(since the SM gets the security context from the class loader). When a
checkSomething() is called by an application, the appropriate Bean
SecurityManager should be consulted depending on the ClassLoader that
loaded the class running. I would like to know if this will be covered
in Java 1.2, it is not clear to me from the documentation. I have posed
this question to several forums, but I don't think anyone understands
the problem deeply enough to be able to comment.
-- Jeremy Cook, Senior Scientist Parallel processing laboratory ,-. ,- ,- ,- / / ,- |-. Dept. of Informatics, 5020 Bergen, Norway |-' `-` | `-` / / `-` `-' phone:+47 55 58 41 74 fax:+47 55 58 41 99 mailto:Jeremy.Cook@ii.uib.no http://www.ii.uib.no/~jeremy/