Class Loaders & Permissions

I'm playing around with a custom class loader and granting permissions to the classes loaded (without a policy file)

I have the following class that sets up a custom permission and loads another class with that permission (The "getPermissions" override in my classloader adds this permission to the class being loaded).

Inside the loaded class I check for this permission but it always fails. I have overrided the "implies" method and it looks like the permissions are being checked and the function is returning true (meaning that the permission loaded does "imply" the one I am checking. Nevertheless, the call to AccessController.checkPermission throws an AccessControlException with "access denied".

Can someone kindly look through my code and tell me where I'm going wrong?

First my permission class

Now my loader class (and main entry point)

package testprotected;

import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLStreamHandlerFactory;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.lang.reflect.Method;
import java.util.logging.Level;
import java.util.logging.Logger;

class MyLoader extends URLClassLoader{

public MyLoader(URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) {
        super(urls, parent, factory);
    }

public MyLoader(URL[] urls) {
        super(urls);
    }

public MyLoader(URL[] urls, ClassLoader parent) {
        super(urls, parent);
    }

@Override
    protected PermissionCollection getPermissions(CodeSource codesource) {
        PermissionCollection perms = super.getPermissions(codesource);
        MyPermission p = new MyPermission("fooby.runCode");
        System.out.println(String.format("Permission granted: %s", p));
        perms.add(p);
        return perms;
    }

}
public class Main {  
    public static void main(String[] args) {
        try {
            String path = "C:\\<PATH_TO_MY_LOADED_CLASS\\build\\classes\\";
            URL[] urls = new URL[1];
            urls[0] = new URL("file://" + path);
           MyLoader load = new MyLoader(urls);
            Class c = load.loadClass("fooby.Protected");
            Object o = c.newInstance();
            Method m = c.getMethod("doFoob", (Class [])null);
            m.invoke(o, (Object []) null);
        } catch (IllegalArgumentException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (InvocationTargetException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NoSuchMethodException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (SecurityException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (InstantiationException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (IllegalAccessException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (ClassNotFoundException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        } catch (MalformedURLException ex) {
            Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}

Here's the class that is loaded and checks the permission

And here's the console output - as you can see the permissions look ok and implies returns true, but an exception is still caught.

Permission granted: (testprotected.MyPermission fooby.runCode)
Permission to check: (testprotected.MyPermission fooby.runCode)
Inside the implies method
This - Name:fooby.runCode - Hash:-1934868025
That - Name:fooby.runCode - Hash:-1934868025
Return from implies - true
Sorry, you dont have permission access denied (testprotected.MyPermission fooby.runCode)
Details (testprotected.MyPermission fooby.runCode)

Any help would be great.>

The output I get (Java 5 on OS X) is

Permission to check: (testprotected.MyPermission fooby.runCode)
Sorry, you dont have permission access denied (testprotected.MyPermission fooby.runCode)
Details (testprotected.MyPermission fooby.runCode)

I just figured the problem - didnt load the security manager on the command line!

I needed to add this in and set a policy class giving the loading class the createClassLoader and other file based permissions.

All seems ok now.

Strange that the exception given didnt hint that the security manager wasnt loaded. It just denied access as if it were already loaded. Ah well.

There was a security manager loaded, just not the one you thought was loaded.

Paul Clapham wrote:There was a security manager loaded, just not the one you thought was loaded.

Could you elaborate?

There's always a security manager loaded. So there aren't any situations in which an error message can be issued because no security manager is loaded. And you can't reasonably expect the error message to point out that there might not be an error if some other security manager were loaded; this is always the case.

That's interesting because from my reading I'd thought that a security manager would not be installed on a standard application without that command line addidion. I tested my app without the command line options and wrote a custom Policy class, installing it before invoking the method in the loaded library and sure enough the security then worked fine. So I guess there must have been a seucrity manager present as you said.

Hi Jared Krull

Can you please paste the code samples you used to demonstrate how you solved your issue.Your help is greatly appreciated.
Your inputs might help me solve my issue.

Below was your reply.
------------------------

I just figured the problem - didnt load the security manager on the command line!

I needed to add this in and set a policy class giving the loading class the createClassLoader and other file based permissions