I wrote a little test where I have my Policy grant code in Test.jar only permission to read files, no writing. Then I had a custom ClassLoader load that class and set its ProtectionDomain to include permission to write a file. The class then attempted to write a file and it passed. When that same class was loaded by a non-custom ClassLoader, it did not pass but threw an exception (just wanted to be sure the test was correct). To me, this violates the administrator's understanding of what the security policy will be for the JVM. It SHOULD be only what is in my Policy. Does anyone know if there is a way to give the Policy final say? To "nullify" any ProtectionDomains added by a ClassLoader?
subject: How to let Policy override ProtectionDomains added by a ClassLoader?
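
The behaviour described in the post, reduced to the `ProtectionDomain.implies()` check that decides it. This is an added example, not code from the original post. The class name `StaticPermsDemo`, the `ReadOnlyPolicy` stand-in and the `/tmp` paths are hypothetical, and it assumes a JDK from 8 through 23, where `Policy.setPolicy` is still supported.

```java
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;

// Added illustration; class name and paths are hypothetical.
public class StaticPermsDemo {
    // Stand-in for the administrator's Policy: read-only access under /tmp.
    static class ReadOnlyPolicy extends Policy {
        @Override
        public boolean implies(ProtectionDomain pd, Permission p) {
            return new FilePermission("/tmp/-", "read").implies(p);
        }
    }

    // Permissions a custom ClassLoader can attach when it calls defineClass().
    static PermissionCollection loaderGrant() {
        Permissions perms = new Permissions();
        perms.add(new FilePermission("/tmp/-", "write"));
        return perms;
    }

    public static void main(String[] args) {
        Policy.setPolicy(new ReadOnlyPolicy());
        CodeSource cs = new CodeSource(null, (java.security.cert.Certificate[]) null);
        ClassLoader cl = StaticPermsDemo.class.getClassLoader();
        Permission read = new FilePermission("/tmp/in.txt", "read");
        Permission write = new FilePermission("/tmp/out.txt", "write");

        // No loader-supplied permissions: the Policy alone decides.
        ProtectionDomain policyOnly = new ProtectionDomain(cs, new Permissions(), cl, null);
        // Four-argument form: Policy is consulted first, then the loader's grant.
        ProtectionDomain dynamic = new ProtectionDomain(cs, loaderGrant(), cl, null);
        // Two-argument form: static permissions only, Policy is never consulted.
        ProtectionDomain fixed = new ProtectionDomain(cs, loaderGrant());

        System.out.println("policyOnly read/write: "
                + policyOnly.implies(read) + "/" + policyOnly.implies(write));
        System.out.println("dynamic    read/write: "
                + dynamic.implies(read) + "/" + dynamic.implies(write));
        System.out.println("fixed      read/write: "
                + fixed.implies(read) + "/" + fixed.implies(write));
    }
}
```

In both loader-supplied domains the write check succeeds, because permissions passed to the `ProtectionDomain` constructor are added to whatever the Policy grants and the Policy has no way to subtract them. The control point the Policy does have is which code is granted `RuntimePermission("createClassLoader")`, since only such code can define classes with a domain of its own choosing.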