Loaded classes and security?
I have a question about security and classloader:
While running a signed xlet I load some classes (from a downloaded jar file) using URLClassLoader. Once the classes are loaded, i can correctly find and instantiate them.
To be more precise, i use URLClassLoader.newInstance(URL, this.getClass().getClassLoader()).
The problems arise every time i try to use a feature that requires either some specific permission or a signed application (like getting buda.root property). Some players raise a SecuriyException.
I don't get why this should happen, since:
1. the Xlet is correctly signed and has its perm file set (if i run the same code from the original loaded classes everything is ok)
2. the loaded jar file is signed with the same keystore of the original Xlet.
Maybe i'm missing some fundamental on security? Please someone shed some light!