URLClassLoader problem

Gilles Roussel (roussel@univ-mlv.fr)
Wed, 04 Aug 1999 19:43:21 +0200

Date: Wed, 04 Aug 1999 19:43:21 +0200
From: Gilles Roussel <roussel@univ-mlv.fr>
To: java-security@java.sun.com
Subject: URLClassLoader problem

Hello,
I'm trying to see the difference, concerning security between
URLClassLoder constructor and newInstance static method.
So I wrote the following class.

import java.net.*;

public class URLClassLoaderSecurityManager extends SecurityManager {
public void checkCreateClassLoader() {
System.err.println("create");
super.checkCreateClassLoader();
}
public void checkPackageAccess(String pkg) {
System.err.println("package :" + pkg);
super.checkPackageAccess(pkg);
}
public static void main(String[] args) throws Exception {
System.setSecurityManager(new URLClassLoaderSecurityManager());
if(args.length=3D=3D0)
URLClassLoader cl =3D new URLClassLoader(new URL[]{new
URL("file:/home/roussel/JAVA/src/")});
else
URLClassLoader cl =3D URLClassLoader.newInstance(new URL[]{new
URL("file:/home/roussel/JAVA/src/")});
Class c =3D cl.loadClass("test.Hello");
}
}

When I execute it under Solaris with jdk1.2.1 it produce a core ! Is
this a solved problem in JDK1.2.2 ?
Moreover, if I remove the setSecurityManager call and use the default
security manager with :

java -Djava.security.manager=3D URLClassLoaderSecurityManager

It throws me the expected exception *
RuntimeException createClassLoader

But when I call it with an argument, it works and I don't have the class
test.Hello in my CLASSPATH

I use the following command :

java -Dpackage.access=3D"test" -Djava.security.manager=3D
URClassLoaderSecurityManager arg

So how could I trigger the expected exception ?

Moreover, if it works, what is the advantage each construction ?

Thanks

--
Gilles Roussel
Batiment Copernic - Universit=E9 de Marne-la-Vall=E9e - Cit=E9 Descartes
5, boulevard Descartes - Champs sur Marne - 77454 Marne-la-Vall=E9e Cedex=
 2 - FRANCE
Tel : 01-60-95-75-59 - Fax : 01-60-95-75-57
WWW : http://www-igm.univ-mlv.fr/~roussel