Name
SecureClassLoader
Synopsis
This class adds protected methods to
those defined by ClassLoader. The
defineClass( ) method is passed the bytes of a
class file as a byte[ ] or, in Java 5.0, as a
ByteBuffer and a CodeSource
object that represents the source of that class. It calls the
getPermissions( ) method to obtain a
PermissionCollection for that
CodeSource and then uses the
CodeSource and
PermissionCollection to create a
ProtectionDomain, which is passed to the
defineClass( ) method of its superclass.
The default implementation of the getPermissions(
) method uses the default Policy to
determine the appropriate set of permissions for a given code source.
The value of SecureClassLoader is that subclasses
can use its defineClass( ) method to load classes
without having to work explicitly with the
ProtectionDomain and Policy
classes. A subclass of SecureClassLoader can
define its own security policy by overriding getPermissions(
). In Java 1.2 and later, any application that implements a
custom class loader should do so by extending
SecureClassLoader, instead of subclassing
ClassLoader directly. Most applications can use
java.net.URLClassLoader, however, and never have
to subclass this class.
Figure 14-35. java.security.SecureClassLoader
public class SecureClassLoader extends ClassLoader { // Protected Constructors protected SecureClassLoader( ); protected SecureClassLoader(ClassLoader ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access