When writing a custom class loader, sometimes it is desirable to override the getPermissions method. In most cases, it is recommended that the implementation consult the default system policy before assigning arbitrary permissions to the code source. This can be automatically handled by explicitly invoking the superclass's getPermissions() method.
Noncompliant Code Example
This noncompliant code example reads the required bytecode from a socket connection and aims to create a new class loader definition. It also shows a snippet of a custom class loader that overrides the getPermissions method and thus avoids the use of the default (more restrictive) getPermissions method defined in the Policy class. AdditionallyMoreover, a class defined using this class loader will have permissions that are completely independent of those specified in the system-wide policy file and will override them.
| Code Block | ||
|---|---|---|
| ||
protected PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection pc = new super.getPermissionsPermissions(cs);
pc.add(new RuntimePermission("exitVM")); //allow exit from the VM anytime
return pc;
}
|
Compliant Solution
...