This class adds protected methods to
those defined by ClassLoader. The
defineClass( ) method is passed the bytes of a
class file as a byte[ ] or, in Java 5.0, as a
ByteBuffer and a CodeSource
object that represents the source of that class. It calls the
getPermissions( ) method to obtain a
PermissionCollection for that
CodeSource and then uses the
CodeSource and
PermissionCollection to create a
ProtectionDomain, which is passed to the
defineClass( ) method of its superclass.
The default implementation of the getPermissions(
) method uses the default Policy to
determine the appropriate set of permissions for a given code source.
The value of SecureClassLoader is that subclasses
can use its defineClass( ) method to load classes
without having to work explicitly with the
ProtectionDomain and Policy
classes. A subclass of SecureClassLoader can
define its own security policy by overriding getPermissions(
). In Java 1.2 and later, any application that implements a
custom class loader should do so by extending
SecureClassLoader, instead of subclassing
ClassLoader directly. Most applications can use
java.net.URLClassLoader, however, and never have
to subclass this class.
public class SecureClassLoader extends ClassLoader {
// Protected Constructors
protected SecureClassLoader( );
protected SecureClassLoader(ClassLoader parent);
// Protected Instance Methods
5.0 protected final Class<?> defineClass(String name,
java.nio.ByteBuffer b, CodeSource cs);
protected final Class<?> defineClass(String name, byte[ ] b, int off,
int len, CodeSource cs);
protected PermissionCollection getPermissions(CodeSource codesource);
}
