Remote class loading can be tricky. The original post doesn’t include any information about the code base. It may be that the client’s security configuration is correct, but it has no access to the remote code. The classes are loaded directly from the “code base” by the client. They are not presented to the client … Read more
From the docs: The AccessControlContext of the thread that created the instance of URLClassLoader will be used when subsequently loading classes and resources. The classes that are loaded are by default granted permission only to access the URLs specified when the URLClassLoader was created. The URLClassLoader is doing exactly as its says, the AccessControlContext is … Read more
You can install a security manager which disables System.exit(): private static class ExitTrappedException extends SecurityException { } private static void forbidSystemExitCall() { final SecurityManager securityManager = new SecurityManager() { public void checkPermission( Permission permission ) { if( “exitVM”.equals( permission.getName() ) ) { throw new ExitTrappedException() ; } } } ; System.setSecurityManager( securityManager ) ; } … Read more