I am looking to load a JAR at runtime but want loading to fail if the JARs aren't either signed nor sealed. I know that Java JCE has this capability when loading new crypto algorithms. Do any of the plugin frameworks already support this functionality? Otherwise, what is the best approach?
+2
A:
OSGi has a well defined and logical security model for loading signed jars (dunno about sealed). Although OSGi is a lot more than just a plugin framework, so you'll find you need a lot of refactoring work.
Well worth the effort tho :)
Cogsy
2009-04-25 12:45:03