Java security: Sandboxing plugins loaded via URLClassLoader
From the docs: The AccessControlContext of the thread that created the instance of URLClassLoader will be used when subsequently loading classes and resources. The classes that are loaded are by default granted permission only to access the URLs specified when the URLClassLoader was created. The URLClassLoader is doing exactly as its says, the AccessControlContext is … Read more