In this chapter, we’re going to look at the third major component that determines the security policy of a Java program: the Java class loader. Class loaders are the mechanism by which files (or other sources) containing Java bytecodes are read into the Java virtual machine and converted into class definitions.
There are three areas in which the class loader operates with the
security model. First, the class loader cooperates with the virtual
machine to define namespaces, which protect the integrity of the
security features built into the Java language. Second, the class
loader calls the security manager when appropriate, ensuring that
code has the appropriate permissions in order to access or define
classes. And third, the class loader sets up the mapping of
permissions to class objects (the protection domain of each class) so
that the access controller knows which classes have which
permissions. The last of these areas is the one which is of most use
to developers: if you want to establish a different security policy
in your application, it’s easier to do it by writing a custom
class loader and establishing the permissions of classes within that
class loader than by writing a new implementation of the
In this chapter, we’ll address all of these points. We’ll also look into the class loader classes that come with Java and how to write your own class loader. As with the other elements of the Java sandbox, the ability to create and use ...