of the security implications of a class loader depend upon its
internal implementation. When you implement a class loader, you have
two basic choices: you can extend the
ClassLoader class, or you can extend the
SecureClassLoader class. The second choice is
preferred, but it is not an option for Java 1.1. If you’re
programming in 1.2, you may choose to use the URL class loader rather
than implementing your own, but the information in this section will
help you understand the security features of the URL class loader. In
this section, then, we’ll look at how to implement both default
and secure class loaders.
Aside from the primordial class loader, all Java class loaders must
java.lang.ClassLoader). Since the
ClassLoader class is
abstract, it is necessary to subclass it to
create a class loader.
In order to implement a class loader, we start with this method:
Using the rules of the class loader, find the class with the given
name and, if indicated by the
resolve variable, ensure that the class is
resolved. If the class is not found, this method should throw a
ClassNotFoundException. This method is abstract in 1.1, but not in ...