Date: Fri, 1 May 1998 22:39:57 -0700
Message-Id: <199805020539.WAA13283@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: "Ke-Qiang Liao" <Ke-Qiang.Liao.kqliao@nt.com>
Subject: Re: HELP: checkPackageAccess
In-Reply-To: Ke-Qiang Liao's mail of Thu, 23 April, 1998
I am not sure what you are driving at. RMI uses checkPackageAccess(),
but classloader does not, or at least from my quick look over the code.
Back one-level up, what does it matter if it is checked once or twice?
What is the problem you are encountering?
Li
--Ke-Qiang Liao writes: > Hi, > > I have a detailed question concerning the method > checkPackageAccess of SecurityManager. > > Say we have two packages pv (private) and pb (public), > and we implement the security manager in such a way that > an applet can not access the private package pv but > it can access the public package pb, subject to some > other security restrictions. My question is: > > If an applet uses (subclass, invoke a method, implement > an interface, etc.) a class in pb and that class in pb > uses in its turn another class in pv, is the method > checkPackageAccess() called twice (for both pv and pb > accesses) or just once (for pb access only)? > > Basically, the question is about the interactions > between an applet class loader (implemented by us) and > the system class loader. > > According to the HTML documentation of JDK1.1.4, the method > checkPackageAccess(String pkg) > > Throws a SecurityException if the calling thread is not > allowed to access the package specified by the argument. > > That means the method is called twice in the above-mentioned > case. I have tried several cases, however the results do not > lead to a clear conclusion. > > Could you help me? Many thanks in advance. > > Christian Liao > Nortel, Canada >