tags:

views:

136

answers:

2
Q: 

How to extends the the class java.security.SecureClassLoader?

I want write my own ClassLoader. It should be faster and more dynamic as the default ClassLoader for Applets.

But I does not know how I should implements the method:

PermissionCollection getPermissions( CodeSource codesource )

The super implementation grant no rights also if there is a valid certificate in the CodeSource.

Must I verify the certificate self or is it already verifies form the Java VM and accepted from the User?

+1  A: 

The Sun PlugIn and WebStart override getPermissions to check the signature and check with the user whether they wish to accept the certificate. This is an implementation detail and may change in the future.

Tom Hawtin - tackline  2009-03-09 12:44:15
+1  A: 

Correct me if I am wrong - I think what you want is to create a classloader somewhere in the initialization of your applet and then load your subsequent classes using that loader. If yes, the applet will already have been granted all permissions by virtue of it being signed (and provided the user clicked on the browser warning). Your getPermissions method can look like this

    PermissionCollection p = new Permissions();
    p.add(new AllPermission());
    return p;
talonx  2009-03-09 13:03:04
Yes and No. The jar file with the classLoader was accepted and has all rights. This is not valid for the other jar files. This files can be manipulated. That this will be a security hole to accept all without checking it.
Horcrux7  2009-03-09 13:28:26
That's right - but the Custom classloader is itself inside the trusted jar - so if it has been granted all permissions, logically those permissions should 'flow' to classes that it loads. But I get your point - the files can be manipulated only by hacking the JRE plugin itself.
talonx  2009-03-09 17:03:34
As in, putting malicious versions of those classes in the parent loader (which is the plugin loader). But this also means that the client machine is compromised.
talonx  2009-03-09 17:05:15

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java