...
This noncompliant code example shows a snippet of a custom class loader that extends the class URLClassLoader. It overrides the getPermissions() method and does not call the superclass's more restrictive getPermissions() method. Note that URLClassLoader's getPermissions() method calls the Policy class's getPermissions() method, which by default uses the system policy file to enforce access control. Consequently, a class defined using the custom class loader will have permissions that are completely independent of those specified in the system-wide policy file and will, in effect, override them.
...