[EMAIL PROTECTED] wrote: > > Hi Edwin, > > Let me see if I can summarize where we're at here (and explain to myself > why Rob's code works for him if Edwin's right about what's going on). If > Rob's on a Sun JDK 1.4.x and doesn't use the endorsed standards override > mechanism, he should break if Edwin's right because he'll pick up Crimson's > JAXP/SAX factories before his hacked Xerces libs, and the crimson factories
AKA the javax.xml.parsers.FactoryFinder class that is part of rt.jar which is loaded by the bootstrap classloader. > will still refuse to do anything but look at the context class loader. Yup. > > If he uses endorsed standards override with his hacked Xerces, then he'll > always get his hacked xerces because of the fallback he's introduced and > because the bootclassloader is the one that's loaded these "endorsed" > API's. Yes, b/c effectively Xerces would be loaded by the bootstrap CL if the custom CL follows the CL usual delegation model. > > If the above is substantially correct, then the fallback is still useful in > that at least one implementation--provided via endorsed standards--is > accesible to an app that refuses to use the context classloader, even if > that app can never override this one. Yes, it would work if you used the endorsed standards override. But you would also have to override the javax.xml.* packages. As I understand it, one cannot override those packages legally and redistribute. See http://java.sun.com/j2se/1.4/docs/guide/standards/ for a list of packages. In any case, I will add the requested classloading changes when I also add related security doPrivileged blocks to the code. -Edwin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
