From: llolo@us.ibm.com
To: java-security@java.sun.com
Date: Wed, 10 Feb 1999 11:17:03 -0500
Subject: Securing jar and class loading
Question/problem:
I want ensure that certain classes/beans are loaded from a specified jar
file only, and if it's not there, an exception (e.g., ClassNotFound) should
be thrown.
To illustrate the above, let's say we have a template that specifies a
recipe for a particular processing. Let's say the template says: execute
bean1, bean2, and bean3; these beans are located in template1.jar. Now,
the template executor should only load bean1, bean2 and bean3 from
template1.jar, and nowhere else, although any other classes referenced by
the beans may come from the classpath.
My understanding of (JDK 1.2) URLClassLoader is it will probably load the
beans from the jar file, but it is not guaranteed, i.e., if the bean exists
in the classpath or the extension directory. If that's true, than
URLClassLoader doesn't satisfy my requirement.
Any ideas?
Thanks,
Lolo LaSida.