provides a useful way to load untrusted Java code from a search path
of arbitrary URLs, where each URL represents a directory or JAR file
to search. Use the inherited
loadClass( ) method
to load a named class with a
Classes loaded by a
URLClassLoader have whatever
permissions are granted to their
java.security.CodeSource by the system
java.security.Policy, plus they have one
additional permission that allows the class loader to read any
resource files associated with the class. If the class is loaded from
file: URL that represents a directory, the
class is given permission to read all files and directories below
that directory. If the class is loaded from a local
file: URL that represents a JAR file, the class is
given permission to read that JAR file. If the class is loaded from a
URL that represents a resource on another host, that class is given
permission to connect to and accept network connections from that
host. Note, however, that loaded classes are not granted this
additional permission if the code that created the
URLClassLoader in the first place would not have
had that permission.
You can obtain a
URLClassLoader by calling one of the
URLClassLoader( ) constructors or one of the
newInstance( ) methods. If you call
newInstance( ), the
) method of the returned
performs an additional check to ensure that the caller has permission
to access the specified package.
Figure 12-28. java.net.URLClassLoader ...
Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.