...
This noncompliant code example shows a snippet of a custom class loader that extends the class URLClassLoader. It overrides the getPermissions() method and thus avoids the use of the default (more restrictive) getPermissions() method defined in the class URLClassLoader. Note that the superclass URLClassLoader's getPermissions() method calls the Policy class's getPermissions() method, which by default uses the system policy file to enforce access control. Therefore, a class defined using the custom class loader will have permissions that are completely independent of those specified in the system-wide policy file and will override them.
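
The following sketch is an added illustration, not the page's own example: it contrasts the pattern described above with a variant that starts from super.getPermissions(). The class names, the sample URL and the exitVM grant are assumptions chosen for the demonstration.

```java
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.cert.Certificate;

public class GetPermissionsDemo {

    // Noncompliant pattern: the permission set is built from scratch, so
    // nothing the superclass would have contributed is ever consulted.
    static class IndependentLoader extends URLClassLoader {
        IndependentLoader(URL[] urls) { super(urls); }

        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = new Permissions();
            pc.add(new RuntimePermission("exitVM")); // constructed sample grant
            return pc;
        }
    }

    // Hardened pattern: start from whatever the superclass returns for this
    // code source and only add the loader-specific permission on top.
    static class DelegatingLoader extends URLClassLoader {
        DelegatingLoader(URL[] urls) { super(urls); }

        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = super.getPermissions(cs);
            pc.add(new RuntimePermission("exitVM")); // same sample grant
            return pc;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed code source; the file does not need to exist.
        URL url = URI.create("file:/opt/example/plugins/plugin.jar").toURL();
        CodeSource cs = new CodeSource(url, (Certificate[]) null);
        URL[] urls = { url };
        try (IndependentLoader bad = new IndependentLoader(urls);
             DelegatingLoader good = new DelegatingLoader(urls)) {
            // Compare what each loader would attach to classes it defines.
            System.out.println("independent: " + bad.getPermissions(cs));
            System.out.println("delegating:  " + good.getPermissions(cs));
        }
    }
}
```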
...