Page History

When a custom class loader must override the getPermissions() method, the implementation must consult the default system policy by explicitly invoking the superclass's getPermissions() method before assigning arbitrary permissions to the code source. The getPermissions() method is actually defined by SecureClassLoader, which extends ClassLoader. ClassLoader is abstract and must not be extended directly.

...

This noncompliant code example shows a fragment of a custom class loader that extends the class URLClassLoader. It overrides the getPermissions() method and does not call the superclass's more restrictive getPermissions() method. Consequently, a class defined using this custom class loader has permissions that are completely independent of those specified in the system-wide policy file; in . In effect, the class's permissions override them.

...

In this compliant solution, the getPermissions() method calls super.getPermissions(). ConsequentlyAs a result, the default system-wide security policy is applied, in addition to the custom policy.

...

Failure to consult the default system policy while defining a custom classloader class loader violates the tenets of defensive programming and can result in classes defined with unintended permissions.

Automated Detection

This Violations of this rule can be addressed discovered with a heuristic checker in the style of FindBugs. As with all heuristic checks, achieving a low false-positive rate is essential.

...

...