[rfc][icedtea-web] fix for RH816592
Omair Majid
omajid at redhat.com
Thu May 24 08:58:20 PDT 2012
On 05/24/2012 11:28 AM, Deepak Bhole wrote:
> This is still not solving the root issue -- why does the resource not
> have an entry in the map? Whatever is getting that resource should be
> adding it. getCodeSourceSecurity should only be doing a simple look up
> on security and returning what is already known.
"This is not the classloader you are looking for" :)
The code is at (line 1160)
http://java-game-lib.svn.sourceforge.net/viewvc/java-game-lib/trunk/LWJGL/src/java/org/lwjgl/util/applet/AppletLoader.java?revision=3635&view=markup#1160
The code uses a custom classloader (which does know about the urls) to
load 3rd-party jars. The custom classloader delegates to the parent
classloader to verify permissions and check if the 3rd-party jar is
signed with a good certificate or not. The custom classloader relies on
the parent classloader to grant the code the appropriate permissions
(minimial permissions if the jar is unsigned, or full permissions if the
jar is signed/trusted).
Omair
More information about the distro-pkg-dev
mailing list