SecureClassLoader.java revision 4008
2362N/A * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 0N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 0N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 2362N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 0N/A * or visit www.oracle.com if you need additional information or have any * This class extends ClassLoader with additional support for defining * classes with an associated code source and permissions which are * retrieved by the system policy by default. * @author Roland Schemers * If initialization succeed this is set to true and security checks will * succeed. Otherwise the object is not initialized and the object is // HashMap that maps CodeSource to ProtectionDomain * Creates a new SecureClassLoader using the specified parent * class loader for delegation. * <p>If there is a security manager, this method first * calls the security manager's <code>checkCreateClassLoader</code> * method to ensure creation of a class loader is allowed. * @param parent the parent ClassLoader * @exception SecurityException if a security manager exists and its * <code>checkCreateClassLoader</code> method doesn't allow * creation of a class loader. * @see SecurityManager#checkCreateClassLoader // this is to make the stack depth consistent with 1.1 * Creates a new SecureClassLoader using the default parent class * <p>If there is a security manager, this method first * calls the security manager's <code>checkCreateClassLoader</code> * method to ensure creation of a class loader is allowed. * @exception SecurityException if a security manager exists and its * <code>checkCreateClassLoader</code> method doesn't allow * creation of a class loader. * @see SecurityManager#checkCreateClassLoader // this is to make the stack depth consistent with 1.1 * Converts an array of bytes into an instance of class Class, * with an optional CodeSource. Before the * class can be used it must be resolved. * If a non-null CodeSource is supplied a ProtectionDomain is * constructed and associated with the class being defined. * @param name the expected name of the class, or <code>null</code> * if not known, using '.' and not '/' as the separator * and without a trailing ".class" suffix. * @param b the bytes that make up the class data. The bytes in * positions <code>off</code> through <code>off+len-1</code> * should have the format of a valid class file as defined by * <cite>The Java™ Virtual Machine Specification</cite>. * @param off the start offset in <code>b</code> of the class data * @param len the length of the class data * @param cs the associated CodeSource, or <code>null</code> if none * @return the <code>Class</code> object created from the data, * and optional CodeSource. * @exception ClassFormatError if the data did not contain a valid class * @exception IndexOutOfBoundsException if either <code>off</code> or * <code>len</code> is negative, or if * <code>off+len</code> is greater than <code>b.length</code>. * @exception SecurityException if an attempt is made to add this class * to a package that contains classes that were signed by * a different set of certificates than this class, or if * the class name begins with "java.". * Converts a {@link java.nio.ByteBuffer <tt>ByteBuffer</tt>} * into an instance of class <tt>Class</tt>, with an optional CodeSource. * Before the class can be used it must be resolved. * If a non-null CodeSource is supplied a ProtectionDomain is * constructed and associated with the class being defined. * @param name the expected name of the class, or <code>null</code> * if not known, using '.' and not '/' as the separator * and without a trailing ".class" suffix. * @param b the bytes that make up the class data. The bytes from positions * <tt>b.position()</tt> through <tt>b.position() + b.limit() -1</tt> * should have the format of a valid class file as defined by * <cite>The Java™ Virtual Machine Specification</cite>. * @param cs the associated CodeSource, or <code>null</code> if none * @return the <code>Class</code> object created from the data, * and optional CodeSource. * @exception ClassFormatError if the data did not contain a valid class * @exception SecurityException if an attempt is made to add this class * to a package that contains classes that were signed by * a different set of certificates than this class, or if * the class name begins with "java.". * Returns the permissions for the given CodeSource object. * This method is invoked by the defineClass method which takes * a CodeSource as an argument when it is constructing the * ProtectionDomain for the class being defined. * @param codesource the codesource. * @return the permissions granted to the codesource. return new Permissions();
// ProtectionDomain defers the binding * Returned cached ProtectionDomain for the specified CodeSource. * Check to make sure the class loader has been initialized.