Java security: Sandboxing plugins loaded via URLClassLoader

by

From the docs:
The AccessControlContext of the thread that created the instance of URLClassLoader will be used when subsequently loading classes and resources.

The classes that are loaded are by default granted permission only to access the URLs specified when the URLClassLoader was created.

The URLClassLoader is doing exactly as its says, the AccessControlContext is what you need to be looking at. Basically the thread that is being referenced in AccessControlContext does not have permissions to do what you think it does.

More Related Contents:

  1. Java 9, compatability issue with ClassLoader.getSystemClassLoader
  2. Unloading classes in java?
  3. Scanning Java annotations at runtime
  4. Find where java class is loaded from
  5. Java, Classpath, Classloading => Multiple Versions of the same jar/project
  6. Java resource as File
  7. Dealing with “Xerces hell” in Java/Maven?
  8. Difference between thread’s context class loader and normal classloader
  9. Determine which JAR file a class is from
  10. What does JVM flag CMSClassUnloadingEnabled actually do?
  11. Preventing System.exit() from API
  12. When is the static block of a class executed?
  13. Load properties file in JAR?
  14. How can I list all classes loaded in a specific class loader
  15. In Java, is it possible to know whether a class has already been loaded?
  16. Strange behavior of Class.getResource() and ClassLoader.getResource() in executable jar
  17. Class.forName() vs ClassLoader.loadClass() – which to use for dynamic loading? [duplicate]
  18. Java: no security manager: RMI class loader disabled
  19. Preloading java classes/libraries at jar startup?
  20. Replacement System Classloader for Classes In Jars containing Jars
  21. why java security manager doesn’t forbid neither creating new Thread() nor starting it?
  22. ClassCastException because of classloaders?
  23. What is a Java ClassLoader?
  24. How to use ClassLoader.getResources() correctly? [duplicate]
  25. What loads the Java system classloader?
  26. CompletableFuture / ForkJoinPool Set Class Loader
  27. Java Enums: Two enum types, each containing references to each other?
  28. Java ServiceLoader with multiple Classloaders
  29. How to replace classes in a running application in java ?
  30. URLClassLoader and accessibility of package-private methods

Leave a Comment