Have a look in ProtectionDomain.implies()
:
if (!staticPermissions &&
Policy.getPolicyNoCheck().implies(this, permission))
return true;
This means that for dynamic ProtectionDomain
s, the current Policy
is applied. When a SecurityManager
is installed, the default policy is loaded with some grants that give access to the system properties.
To enable the same for your ProtectionDomain
, you need to use a different constructor:
public ProtectionDomain(CodeSource codesource,
PermissionCollection permissions,
ClassLoader classloader,
Principal[] principals)
This will get you half-way: The access to the system property will now pass.
But the second access to the property foo
will pass for the first protection domain and fail for the others.
To fix this, you will have to install your own default policy which allows access to both java.version
and foo
.
If you do this, then you don't need a custom ProtectionDomain
anymore; the policy will be enough.