tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: Security Check in Classloader.
Date Thu, 24 Oct 2002 01:10:12 GMT
Foget that email. The problem is in front of the computer, not in the 
class ;-)
-- Jeanfrancois

Jean-Francois Arcand wrote:

> Hi,
>
> In StandardClassLoader, starting line 815, the SecurityManager is 
> invoked:
>
>        // (.5) Permission to access this class when using a 
> SecurityManager
>        if (securityManager != null) {
>            int i = name.lastIndexOf('.');
>            if (i >= 0) {
>                try {
>                    
> securityManager.checkPackageAccess(name.substring(0,i));
>                } catch (SecurityException se) {
>                    String error = "Security Violation, attempt to use " +
>                        "Restricted Class: " + name;
>                    System.out.println(error);
>                    se.printStackTrace();
>                    log(error);
>                    throw new ClassNotFoundException(error);
>                }
>            }
>        }
>
> Why are we calling the SecurityManager.checkPackageAccess in 
> StandardClassLoader? Since we give all permissions to 
> org.apache.catalina, I think this call is useless. This call is 
> required when invoked inside WebappClassLoader.
>
> Thanks,
>
> -- Jeanfrancois
>
>
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-dev-help@jakarta.apache.org>
>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message