tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Security Check in Classloader.
Date Wed, 23 Oct 2002 19:18:16 GMT
Hi,

In StandardClassLoader, starting line 815, the SecurityManager is invoked:

        // (.5) Permission to access this class when using a SecurityManager
        if (securityManager != null) {
            int i = name.lastIndexOf('.');
            if (i >= 0) {
                try {
                    securityManager.checkPackageAccess(name.substring(0,i));
                } catch (SecurityException se) {
                    String error = "Security Violation, attempt to use " +
                        "Restricted Class: " + name;
                    System.out.println(error);
                    se.printStackTrace();
                    log(error);
                    throw new ClassNotFoundException(error);
                }
            }
        }

Why are we calling the SecurityManager.checkPackageAccess 
in StandardClassLoader? Since we give all permissions to 
org.apache.catalina, I think this call is useless. This call is required 
when invoked inside WebappClassLoader.

Thanks,

-- Jeanfrancois


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message