Java is an object-oriented language that provides for building "applets" (pieces of networked software included, for example, in hyper-text markup language documents) and standalone applications. Java software consists of objects, where every "object" belongs to a "class". A class defines a template for the object. That is, from a class definition, multiple objects can be instantiated. Each instance of an object retains its own internal states (e.g., states of local variables) and interfaces.
Referring to FIG. 1, the Java methods are typically executed on a local computer (e.g., local client #1 150a; local client #2 150b; and local client #3 150c), connected to a server computer 102 of a computer network 100 (such as the internet). The server computer 102 has its own storage 104, and the local computer also has its own storage (e.g., local client #1 150a has local storage 154a; local client #2 150b has local storage 154b; and local client #3 150c has local storage 154c).
Class definitions are loaded into a Java system executing on the local computer using a class loader. (The discussion will use local client #1 150a as an example local computer.) When a new class is loaded into the Java system executing on the local computer 150a of the network 100, the class is associated with either the local computer 150a, or with the network 100 generally. Typically, objects of classes associated with the local computer 150a are located on the local hard drive 154a, and their classes are accessed without a class loader. Objects of classes accessed without a class loader have "superpowers" that allow these objects unrestricted access to the resources of the local computer 150a. A significant resource of the local computer 150a to which these objects have access is the file system on the local hard drive 154a.
This is in contrast to objects whose classes are loaded via a universal resource locator (URL) definition (even those classes on the local hard drive loaded via a URL that includes "file://"), whose access privileges are regulated by the AppletSecurity class of the Java system. The AppletSecurity class is a class that throws an exception when Java security policy has been violated. Specifically, classes that are loaded via the Java "class path" (i.e., located in the local file system at a location defined by the CLASSPATH environment variable) are loaded without a class loader, and objects of these classes have unrestricted access. As a result, the objects of classes accessed via the CLASSPATH may accidentally subvert the Java security policy. Many (if not all) of the Java "system library" classes are located via the CLASSPATH environment variable. By contrast, objects of classes loaded via a universal resource locator, or "URL", do not have these superpowers.
The task of ensuring that the classes accessed via the CLASSPATH environment variable do not violate the Java security policy, even if only accidentally, is an ergonomic nightmare. Not only must the "security" code (i.e., code that accesses important system resources) be checked for violations but, code that calls the "security" code must also be checked.