How to Seal Packages in a JAR
Sealing a package means that the JAR is the only source for classes of the package. A SecurityException will be thrown if any other element of the classpath tries to add additional classes to the package. The main reason for sealing a package is Java's security system, which allows to require privileges for certain functions (such as file system access) in restricted environments (such as Java Applets). Sealing prevents untrusted code from circumventing these security measures.
Another reason for sealing is preventing the user from accidentally loading two slightly different implementations for the same package, which can cause errors.
The simplest way to seal packages is two seal all packages contained in the JAR. Then you only need to add the Sealed attribute to the main section of the manifest:
Manifest-Version: 1.0 Sealed: true
Alternatively you can also seal parts of the content using per-entry attributes. You need a section for each package that you include, and can then turn sealing on or off for each section. The following example seals only two packages.
Manifest-Version: 1.0 Sealed: false Name: com/jarfiller/secure/main Sealed: true Name: com/jarfiller/secure/driver Sealed: true
