ClassLoader creation apparently must be run as a privileged action so that if

unprivileged code calls into privileged code, the security manager "does the
right thing" (I'd explain this better if I understood it better).


git-svn-id: https://samskivert.googlecode.com/svn/trunk@2724 6335cc39-0255-0410-8fd6-9bcaacd3b74c
This commit is contained in:
samskivert
2010-02-09 21:08:37 +00:00
parent 7829ca78dc
commit 2f912d7068
@@ -24,6 +24,8 @@ import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
@@ -160,13 +162,17 @@ public class SiteResourceLoader
// create one if we've not
if (loader == null) {
SiteResourceBundle bundle = getBundle(siteId);
final SiteResourceBundle bundle = getBundle(siteId);
if (bundle == null) {
// no bundle... no classloader.
return null;
}
loader = new SiteClassLoader(bundle);
loader = AccessController.doPrivileged(new PrivilegedAction<SiteClassLoader>() {
public SiteClassLoader run () {
return new SiteClassLoader(bundle);
}
});
_loaders.put(siteId, loader);
}