Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 37473 invoked from network); 24 Oct 2002 01:10:11 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 24 Oct 2002 01:10:11 -0000 Received: (qmail 23719 invoked by uid 97); 24 Oct 2002 01:11:03 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@jakarta.apache.org Received: (qmail 23692 invoked by uid 97); 24 Oct 2002 01:11:02 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 23680 invoked by uid 98); 24 Oct 2002 01:11:01 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) Message-ID: <3DB74874.2080501@apache.org> Date: Wed, 23 Oct 2002 21:10:12 -0400 From: Jean-Francois Arcand User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: Security Check in Classloader. References: <3DB6F5F8.40802@apache.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Foget that email. The problem is in front of the computer, not in the class ;-) -- Jeanfrancois Jean-Francois Arcand wrote: > Hi, > > In StandardClassLoader, starting line 815, the SecurityManager is > invoked: > > // (.5) Permission to access this class when using a > SecurityManager > if (securityManager != null) { > int i = name.lastIndexOf('.'); > if (i >= 0) { > try { > > securityManager.checkPackageAccess(name.substring(0,i)); > } catch (SecurityException se) { > String error = "Security Violation, attempt to use " + > "Restricted Class: " + name; > System.out.println(error); > se.printStackTrace(); > log(error); > throw new ClassNotFoundException(error); > } > } > } > > Why are we calling the SecurityManager.checkPackageAccess in > StandardClassLoader? Since we give all permissions to > org.apache.catalina, I think this call is useless. This call is > required when invoked inside WebappClassLoader. > > Thanks, > > -- Jeanfrancois > > > -- > To unsubscribe, e-mail: > > For additional commands, e-mail: > > > -- To unsubscribe, e-mail: For additional commands, e-mail: