Name
SecureClassLoader
Synopsis
This class adds protected methods to
those defined by ClassLoader. The
defineClass( ) method is passed the bytes of a
class file as a byte[ ] or, in Java 5.0, as a
ByteBuffer and a CodeSource
object that represents the source of that class. It calls the
getPermissions( ) method to obtain a
PermissionCollection for that
CodeSource and then uses the
CodeSource and
PermissionCollection to create a
ProtectionDomain, which is passed to the
defineClass( ) method of its superclass.
The default implementation of the getPermissions(
) method uses the default Policy to
determine the appropriate set of permissions for a given code source.
The value of SecureClassLoader is that subclasses
can use its defineClass( ) method to load classes
without having to work explicitly with the
ProtectionDomain and Policy
classes. A subclass of SecureClassLoader can
define its own security policy by overriding getPermissions(
). In Java 1.2 and later, any application that implements a
custom class loader should do so by extending
SecureClassLoader, instead of subclassing
ClassLoader directly. Most applications can use
java.net.URLClassLoader, however, and never have
to subclass this class.
Figure 14-35. java.security.SecureClassLoader
public class SecureClassLoader extends ClassLoader { // Protected Constructors protected SecureClassLoader( ); protected SecureClassLoader(ClassLoader ...
Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
