Our web starter loads its initial resources from a single jar. Additional
resources are being fetched with a URLClassLoader which uses
AccessController.doPrivileged in its findClass method. This adds another
ProtectionDomain to the AccessControlContext retrieved by
The problem is that this ProtectionDomain is used to add new Jars to the
JNLPClassLoader in getAccessControlContextForClassLoading(). Thus we have the
issue of some classes being loaded by our URLClassLoader and some by the
JNLPClassLoader, making them incompatible.
This does not occur when using the JNLPClassLoader of the Oracle JDK, the
classpath is not changed here.