See YOKO-302. I don't see any bad effects from proceeding without
the security manager if we can't create it.
thanks
david jencks
On Mar 4, 2007, at 1:46 PM, David Jencks wrote:
I've run into a situation where I'm trying to use yoko in an
environment where it doesn't have permission to create a security
manager. UtilImpl and UtilLoader have the same code with a static
field
// Note: this field must be declared before the static
intializer that calls Util.loadClass
// since that method will call loadClass0 which uses this
field... if it is below the static
// initializer the _secman field will be null
private static final SecMan _secman = new SecMan();
static class SecMan extends java.rmi.RMISecurityManager {
public Class[] getClassContext() {
return super.getClassContext();
}
}
which is used in an attempt to load a class:
ClassLoader stackLoader = null;
Class[] stack = _secman.getClassContext();
for (int i = 1; i < stack.length; i++) {
stackLoader = stack[i].getClassLoader();
if (stackLoader != null)
break;
}
if (stackLoader != null) {
try {
result = stackLoader.loadClass(name);
} catch (ClassNotFoundException ex) {
// skip //
}
if (result != null) {
return result;
}
}
obviously, in an environment where we don't have permission to
create a security manager this will fail.
I can't say I'm an expert on security managers or the classloading
that's being attempted here. What bad things would happen if we
left _secman null if we can't construct this security manager and
checked it was there before trying to use it?
thanks
david jencks
