How does the security manager interact with the classloaders?

Kevin Riff

In JDK 1.1, the security manager checks the classloader of the currently executing method to determine where the code came from. This determines what privilleges it should have.

In JDK 1.2 and later versions, the security model changed from a sandbox to a permissions-based model. When the classloader loads a class, it associates a protection domain with it. The protection domain determines which permissions the class has.