This class adds protected methods to those defined by ClassLoader. The defineClass( ) method is passed the bytes of a class file as a byte[ ] or, in Java 5.0, as a ByteBuffer and a CodeSource object that represents the source of that class. It calls the getPermissions( ) method to obtain a PermissionCollection for that CodeSource and then uses the CodeSource and PermissionCollection to create a ProtectionDomain, which is passed to the defineClass( ) method of its superclass.

The default implementation of the getPermissions( ) method uses the default Policy to determine the appropriate set of permissions for a given code source. The value of SecureClassLoader is that subclasses can use its defineClass( ) method to load classes without having to work explicitly with the ProtectionDomain and Policy classes. A subclass of SecureClassLoader can define its own security policy by overriding getPermissions( ). In Java 1.2 and later, any application that implements a custom class loader should do so by extending SecureClassLoader, instead of subclassing ClassLoader directly. Most applications can use, however, and never have to subclass this class.

Figure 14-35.

public class SecureClassLoader extends ClassLoader {
// Protected Constructors
     protected SecureClassLoader( );  
     protected SecureClassLoader(ClassLoader ...

Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.