- java.lang.Object
-
- java.lang.ClassLoader
-
- java.security.SecureClassLoader
-
- Direct Known Subclasses:
- URLClassLoader
public class SecureClassLoader extends ClassLoader
This class extends ClassLoader with additional support for defining classes with an associated code source and permissions which are retrieved by the system policy by default.
-
-
Constructor Summary
Constructors Modifier Constructor and Description protected
SecureClassLoader()
Creates a new SecureClassLoader using the default parent class loader for delegation.protected
SecureClassLoader(ClassLoader parent)
Creates a new SecureClassLoader using the specified parent class loader for delegation.
-
Method Summary
Methods Modifier and Type Method and Description protected Class<?>
defineClass(String name, byte[] b, int off, int len, CodeSource cs)
Converts an array of bytes into an instance of class Class, with an optional CodeSource.protected Class<?>
defineClass(String name, ByteBuffer b, CodeSource cs)
Converts aByteBuffer
into an instance of class Class, with an optional CodeSource.protected PermissionCollection
getPermissions(CodeSource codesource)
Returns the permissions for the given CodeSource object.-
Methods inherited from class java.lang.ClassLoader
clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, findClass, findLibrary, findLoadedClass, findResource, findResources, findSystemClass, getClassLoadingLock, getPackage, getPackages, getParent, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, loadClass, loadClass, registerAsParallelCapable, resolveClass, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners
-
-
-
-
Constructor Detail
-
SecureClassLoader
protected SecureClassLoader(ClassLoader parent)
Creates a new SecureClassLoader using the specified parent class loader for delegation.If there is a security manager, this method first calls the security manager's
checkCreateClassLoader
method to ensure creation of a class loader is allowed.- Parameters:
parent
- the parent ClassLoader- Throws:
SecurityException
- if a security manager exists and itscheckCreateClassLoader
method doesn't allow creation of a class loader.- See Also:
SecurityManager.checkCreateClassLoader()
-
SecureClassLoader
protected SecureClassLoader()
Creates a new SecureClassLoader using the default parent class loader for delegation.If there is a security manager, this method first calls the security manager's
checkCreateClassLoader
method to ensure creation of a class loader is allowed.- Throws:
SecurityException
- if a security manager exists and itscheckCreateClassLoader
method doesn't allow creation of a class loader.- See Also:
SecurityManager.checkCreateClassLoader()
-
-
Method Detail
-
defineClass
protected final Class<?> defineClass(String name, byte[] b, int off, int len, CodeSource cs)
Converts an array of bytes into an instance of class Class, with an optional CodeSource. Before the class can be used it must be resolved.If a non-null CodeSource is supplied a ProtectionDomain is constructed and associated with the class being defined.
- Parameters:
name
- the expected name of the class, ornull
if not known, using '.' and not '/' as the separator and without a trailing ".class" suffix.b
- the bytes that make up the class data. The bytes in positionsoff
throughoff+len-1
should have the format of a valid class file as defined by The Java™ Virtual Machine Specification.off
- the start offset inb
of the class datalen
- the length of the class datacs
- the associated CodeSource, ornull
if none- Returns:
- the
Class
object created from the data, and optional CodeSource. - Throws:
ClassFormatError
- if the data did not contain a valid classIndexOutOfBoundsException
- if eitheroff
orlen
is negative, or ifoff+len
is greater thanb.length
.SecurityException
- if an attempt is made to add this class to a package that contains classes that were signed by a different set of certificates than this class, or if the class name begins with "java.".
-
defineClass
protected final Class<?> defineClass(String name, ByteBuffer b, CodeSource cs)
Converts aByteBuffer
into an instance of class Class, with an optional CodeSource. Before the class can be used it must be resolved.If a non-null CodeSource is supplied a ProtectionDomain is constructed and associated with the class being defined.
- Parameters:
name
- the expected name of the class, ornull
if not known, using '.' and not '/' as the separator and without a trailing ".class" suffix.b
- the bytes that make up the class data. The bytes from positions b.position() through b.position() + b.limit() -1 should have the format of a valid class file as defined by The Java™ Virtual Machine Specification.cs
- the associated CodeSource, ornull
if none- Returns:
- the
Class
object created from the data, and optional CodeSource. - Throws:
ClassFormatError
- if the data did not contain a valid classSecurityException
- if an attempt is made to add this class to a package that contains classes that were signed by a different set of certificates than this class, or if the class name begins with "java.".- Since:
- 1.5
-
getPermissions
protected PermissionCollection getPermissions(CodeSource codesource)
Returns the permissions for the given CodeSource object.This method is invoked by the defineClass method which takes a CodeSource as an argument when it is constructing the ProtectionDomain for the class being defined.
- Parameters:
codesource
- the codesource.- Returns:
- the permissions granted to the codesource.
-
-
Document created the 11/06/2005, last modified the 04/03/2020
Source of the printed document:https://www.gaudry.be/en/java-api-rf-java/security/secureclassloader.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.