This class adds protected methods to
those defined by ClassLoader. The
defineClass( ) method is passed the bytes of a
class file as a byte[ ] or, in Java 5.0, as a
ByteBuffer and a CodeSource
object that represents the source of that class. It calls the
getPermissions( ) method to obtain a
PermissionCollection for that
CodeSource and then uses the
CodeSource and
PermissionCollection to create a
ProtectionDomain, which is passed to the
defineClass( ) method of its superclass.
The default implementation of the getPermissions(
) method uses the default Policy to
determine the appropriate set of permissions for a given code source.
The value of SecureClassLoader is that subclasses
can use its defineClass( ) method to load classes
without having to work explicitly with the
ProtectionDomain and Policy
classes. A subclass of SecureClassLoader can
define its own security policy by overriding getPermissions(
). In Java 1.2 and later, any application that implements a
custom class loader should do so by extending
SecureClassLoader, instead of subclassing
ClassLoader directly. Most applications can use
java.net.URLClassLoader, however, and never have
to subclass this class.
Figure 14-35. java.security.SecureClassLoader
public class
SecureClassLoader extends ClassLoader {
// Protected Constructors
protected
SecureClassLoader ( );
protected
SecureClassLoader (ClassLoader
parent );
// Protected Instance Methods
5.0 protected final Class<?>
defineClass (String
name ,
java.nio.ByteBuffer
b , CodeSource
cs );
protected final Class<?>
defineClass (String
name , byte[ ]
b , int
off ,
int
len , CodeSource
cs );
protected PermissionCollection
getPermissions (CodeSource
codesource );
}