incubator-yoko-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject UtilImpl needs permission to construct a SecurityManager???
Date Sun, 04 Mar 2007 18:46:59 GMT
I've run into a situation where I'm trying to use yoko in an  
environment where it doesn't have permission to create a security  
manager.  UtilImpl and UtilLoader have the same code with a static field

     // Note: this field must be declared before the static  
intializer that calls Util.loadClass
     // since that method will call loadClass0 which uses this  
field... if it is below the static
     // initializer the _secman field will be null
     private static final SecMan _secman = new SecMan();

     static class SecMan extends java.rmi.RMISecurityManager {
         public Class[] getClassContext() {
             return super.getClassContext();

which is used in an attempt to load a class:

         ClassLoader stackLoader = null;
         Class[] stack = _secman.getClassContext();
         for (int i = 1; i < stack.length; i++) {
             stackLoader = stack[i].getClassLoader();
             if (stackLoader != null)

         if (stackLoader != null) {
             try {
                 result = stackLoader.loadClass(name);
             } catch (ClassNotFoundException ex) {
                 // skip //

             if (result != null) {
                 return result;

obviously, in an environment where we don't have permission to create  
a security manager this will fail.

I can't say I'm an expert on security managers or the classloading  
that's being attempted here.  What bad things would happen if we left  
_secman null if we can't construct this security manager and checked  
it was there before trying to use it?

david jencks

View raw message