I've run into a situation where I'm trying to use yoko in an
environment where it doesn't have permission to create a security
manager. UtilImpl and UtilLoader have the same code with a static field
// Note: this field must be declared before the static
intializer that calls Util.loadClass
// since that method will call loadClass0 which uses this
field... if it is below the static
// initializer the _secman field will be null
private static final SecMan _secman = new SecMan();
static class SecMan extends java.rmi.RMISecurityManager {
public Class[] getClassContext() {
return super.getClassContext();
}
}
which is used in an attempt to load a class:
ClassLoader stackLoader = null;
Class[] stack = _secman.getClassContext();
for (int i = 1; i < stack.length; i++) {
stackLoader = stack[i].getClassLoader();
if (stackLoader != null)
break;
}
if (stackLoader != null) {
try {
result = stackLoader.loadClass(name);
} catch (ClassNotFoundException ex) {
// skip //
}
if (result != null) {
return result;
}
}
obviously, in an environment where we don't have permission to create
a security manager this will fail.
I can't say I'm an expert on security managers or the classloading
that's being attempted here. What bad things would happen if we left
_secman null if we can't construct this security manager and checked
it was there before trying to use it?
thanks
david jencks
