I've run into a situation where I'm trying to use yoko in an environment where it doesn't have permission to create a security manager. UtilImpl and UtilLoader have the same code with a static field

// Note: this field must be declared before the static intializer that calls Util.loadClass // since that method will call loadClass0 which uses this field... if it is below the static
    // initializer the _secman field will be null
    private static final SecMan _secman = new SecMan();

    static class SecMan extends java.rmi.RMISecurityManager {
        public Class[] getClassContext() {
            return super.getClassContext();
        }
    }

which is used in an attempt to load a class:

        ClassLoader stackLoader = null;
        Class[] stack = _secman.getClassContext();
        for (int i = 1; i < stack.length; i++) {
            stackLoader = stack[i].getClassLoader();
            if (stackLoader != null)
                break;
        }

        if (stackLoader != null) {
            try {
                result = stackLoader.loadClass(name);
            } catch (ClassNotFoundException ex) {
                // skip //
            }

            if (result != null) {
                return result;
            }
        }



obviously, in an environment where we don't have permission to create a security manager this will fail.

I can't say I'm an expert on security managers or the classloading that's being attempted here. What bad things would happen if we left _secman null if we can't construct this security manager and checked it was there before trying to use it?


thanks
david jencks

Reply via email to