Describe the bug
Proxy codebases currently require RuntimePermission createClassLoader. While this may occur after authentication of the proxy, we don't really want downloaded code to have permission to create a ClassLoader, even if trusted, as it violates the principle of least privilege. RuntimePermission createClassLoader allows the proxy to escalate privileges. This would have been worse with the Jini 2.1 ProxyTrust model, where code was loaded first, prior to authentication.
This is due to PreferredClassProvider creating a PreferredClassLoader using the context of the proxy codebase string. Instead, the context should be used by PreferredClassLoader when loading classes or resources.
Expected behavior
Proxy should only require network, socket and URL connection permissions.
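The split described above (loader creation done under the provider's own privileges, the proxy codebase's restricted context applied only when classes or resources are loaded) can be illustrated with plain java.security APIs. The following is an added sketch, not JGDMS/River code and not the real PreferredClassProvider or PreferredClassLoader; the class and method names are hypothetical, the codebase URL and permission set are constructed, and it assumes a security manager is installed so that AccessController checks are enforced.

```java
import java.net.SocketPermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

// Hypothetical sketch (not JGDMS/River code). The provider creates the loader with
// its own trusted privileges and pushes the proxy codebase's restricted context only
// around the actual class/resource loading, so the downloaded code never needs
// RuntimePermission("createClassLoader").
public final class LeastPrivilegeProvider {

    // Constructed grant for a downloaded proxy codebase: network/socket and URL
    // connection permissions only. Deliberately no RuntimePermission("createClassLoader").
    static AccessControlContext codebaseContext(URL codebase) {
        int port = codebase.getPort() == -1 ? codebase.getDefaultPort() : codebase.getPort();
        Permissions perms = new Permissions();
        perms.add(new SocketPermission(codebase.getHost() + ":" + port, "connect,resolve"));
        perms.add(new URLPermission(codebase.toExternalForm() + "/-", "GET"));
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(codebase, (Certificate[]) null), perms);
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    // Loader creation runs with the provider's (trusted) privileges only. The proxy
    // codebase context is NOT on the stack here, so createClassLoader is checked
    // against the provider's domain, not the downloaded code's.
    static URLClassLoader createLoader(URL[] codebase, ClassLoader parent) {
        return AccessController.doPrivileged(
                (PrivilegedAction<URLClassLoader>) () -> new URLClassLoader(codebase, parent));
    }

    // Class loading is performed with the proxy's restricted context. doPrivileged with
    // a context limits permission checks to the intersection of the caller's privileges
    // and that context, so resource fetches are bounded by the codebase's grant.
    static Class<?> loadWithContext(URLClassLoader loader, String name, AccessControlContext ctx)
            throws ClassNotFoundException {
        try {
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<Class<?>>) () -> loader.loadClass(name), ctx);
        } catch (PrivilegedActionException e) {
            // loadClass only declares ClassNotFoundException, so this cast is safe.
            throw (ClassNotFoundException) e.getException();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed codebase URL; replace with a real proxy codebase to try it.
        URL codebase = new URL("http://codebase.example.invalid:8080/proxy-dl.jar");
        AccessControlContext ctx = codebaseContext(codebase);
        URLClassLoader loader = createLoader(new URL[] { codebase },
                LeastPrivilegeProvider.class.getClassLoader());
        try {
            loadWithContext(loader, "com.example.HypotheticalProxy", ctx);
        } catch (ClassNotFoundException expected) {
            // The constructed host does not resolve; the point is that reaching this
            // step never required the codebase to hold createClassLoader.
            System.out.println("loader created without createClassLoader; lookup failed as expected");
        }
    }
}
```

The policy-level check is the same as the expected behaviour stated above: the grant for the proxy codebase lists only socket and URL connection permissions, and the only place createClassLoader is needed is the provider's own protection domain.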