In this chapter, we’re going to explore Java’s class loading mechanism—the mechanism by which files containing Java bytecodes are read into the Java virtual machine and converted into class definitions. The operation of Java programs depends on the class loader; given Java’s desire to ensure security throughout its architecture, it should come as no surprise that class loaders are also a very important piece of the Java security story. The class loader normally works in conjunction with the security manager and access controller to provide the bulk of the protections associated with the Java sandbox.
The class loader is important in Java’s security model because initially, only the class loader knows certain information about classes that have been loaded into the virtual machine. Only the class loader knows where a particular class originated, and only the class loader knows whether or not a particular class was signed (although the class loader arranges for the Class object itself to carry its signature with it). Hence, one of the keys to writing a secure Java application is to understand the role of the class loader and to write (or at least use) a secure class loader.
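The following added example (not code from the book) shows the origin and signer information a class loader attaches to the classes it defines, and how to read it back from the Class object. `RecordingLoader`, `Payload` and the two example URLs are hypothetical names constructed for illustration; the example assumes it is compiled with `javac` so that `Payload.class` is on the class path.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
import java.security.CodeSource;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;

// Constructed payload class; it exists only to be loaded and inspected.
class Payload { }

public class OriginDemo {
    // Hypothetical loader: defines classes itself and records the origin it was given.
    static class RecordingLoader extends SecureClassLoader {
        private final URL origin;
        RecordingLoader(URL origin) {
            super(null);   // bootstrap parent only, so Payload is never delegated
            this.origin = origin;
        }
        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = ClassLoader.getSystemResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                // Unsigned code: no certificates are attached to the code source.
                CodeSource cs = new CodeSource(origin, (Certificate[]) null);
                return defineClass(name, b, 0, b.length, cs);
            } catch (java.io.IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // Reads back what the defining loader recorded about a class.
    static String describe(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        Object[] signers = c.getSigners();
        return c.getName() + " origin=" + (cs == null ? "(none)" : cs.getLocation())
             + " signers=" + (signers == null ? 0 : signers.length);
    }

    public static void main(String[] args) throws Exception {
        // Same bytes, two loaders, two recorded origins (constructed URLs).
        Class<?> a = new RecordingLoader(URI.create("https://a.example/classes/").toURL()).loadClass("Payload");
        Class<?> b = new RecordingLoader(URI.create("https://b.example/classes/").toURL()).loadClass("Payload");
        System.out.println(describe(a));
        System.out.println(describe(b));
        System.out.println(describe(String.class));   // bootstrap class: no code source
        System.out.println("same Class object? " + (a == b));
    }
}
```

The origin is whatever the defining loader asserts, which is why the code that performs `defineClass` must be trusted: a loader that records the wrong code source causes policy decisions to be made against the wrong origin.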
We’ll address both those points in this chapter. We begin with an overview of how the class loader functions, and the features that its basic functions add to the overall security of the Java platform. We’ll then look into writing our own class loader, the motivation for which will ...