Preventing dynamically loaded classes from using reflection
I'm writing a program that will allow the user to dynamically load and execute classes that extend a certain class. Plugins, basically. I want to prevent those classes (or the threads running them, if that's the way to do it) from using reflection to access parts of the program they shouldn't. I want to apply these restrictions to every class loaded by my custom ClassLoader.
I found a thread on SO that suggests it might be possible. But I don't really know where to start reading. Everything I'm finding is about applet permissions. Any pointers?
Edit: Here's a person with a similar question. But I don't understand or trust the solution. It seems kind of hackish. And this thread looks promising, but it's a lot to take in and the commenters were conflicted about the right way to do it.
Re: Preventing dynamically loaded classes from using reflection
The last link: this thread using a SecurityManager and testing the Permissions looks like a good possibility.
You're right about the details mention at that link. It does look complicated. It seems that "hackers" find ways around a lot of security barriers. You should be able to raise the security bar high enough to keep out most programmers.