Summary
The class loading mechanism is integral to Java’s security features. Typically this integration is considered in light of the relationship between the class loader, the access controller, and the security manager. However, the class loader is important in its own right. The class loader must enforce the namespace separation between classes that are loaded from different sites (especially when these different sites are untrusted); this helps to enforce the security mechanisms of the Java language.
For sites that need a more flexible security policy, a custom class
loader may be desirable. Custom class loaders allow the security
policy to be modified as classes are defined; this is similar to (and
compatible with) providing a new implementation of the
Policy
class. However, custom class loaders
can bypass the policy class altogether, which means that they can
define immutable security policies (though, of course, installing the
class loader in the first place still requires that applications have
the appropriate policy-based permissions). In certain circumstances,
this is easier than modifying and installing
a new
Policy
class.
Get Java Security, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.