Date: Tue, 17 Mar 1998 13:08:33 -0800 (PST)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: ClassLoader
To: apannikode@zoomit.com
> The applet I am writing is to load JavaByteCode from an Object Database
> on the server and to execute them on the Browser. That means what I
> have is a byte stream of the class file. When I looked at the
> documentation of ClassLoader I found the method DefineClass() is
> protected. How can I Instantiate this serialized Class ?.
>
> One way to acheive this (correct me if I am wrong) is to write my own
> ClassLoader. But then I will not be able to run this applet from a
> Browser ?. (Default AppletClassLoader can not be replaced or extended).
> I would like to run this applet from a Browser. I am not breaking any
> security, as I will be loading the object from the server where the
> applet is downloaded. Is there any way out ?.
Use JDK1.2, which uses permission objects to allow certain code to
do certain things.
You configure what you want to allow the code to do in a policy file,
which is read by the JVM when the JVM starts up.
For example, in JDK 1.2, if you had a policy file that contained this
entry
// let code from a certain URL create a class loader
grant codeBase "http://www.zoomit.com/examples" {
permission java.lang.RuntimePermission "createClassLoader";
};
then any code that lives in the "examples" subdirectory of your
"www.zoomit.com" web server would be allowed to create a class loader.
For more information on the JDK 1.2 security model, see
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
--Marianne