Date: Tue, 7 Apr 1998 23:43:23 +0800 (WST)
Message-Id: <199804071543.XAA02060@jade.cs.uwa.oz.au>
From: C K MacNish <cara@cs.uwa.edu.au>
To: java-security@web2.javasoft.com
Subject: security manager trusts nothing
i have a problem which i think (?) should be fairly
straightforward. i'm running an application in which i wish to load
classes (belonging to students) from their directories, create an
instance, and execute its methods in a secure environment (default
security manager is ok). i've written the classloader etc so the
loading and running with the security manager is fine. the problem is
that when i invoke the security manager with setSecurityManager it not
only enforces the checks on the loaded class, but also on my own code,
which means that after examining their code i cannot do anything. this
seems contrary to the documentation which suggests that my own code
should be trusted. can you tell me how to have the security manager
apply only to the classes i load through the classloader?
thanks very much
Cara MacNish