Class SecurityClassLoader

In this topic

Package com.ms.security Previous This
Package Next

Class SecurityClassLoader

public abstract class SecurityClassLoader extends ClassLoader
{
  // Fields
  protected URL codeBase;
  protected ThreadGroup threadGroup;

  // Constructors
  protected SecurityClassLoader();

  // Methods
  protected final synchronized Class defineClass( String name,
        byte data[],int offset,int length,
        PermissionSet permissions,Principal principal);
  protected Class findPackageManagerClass(String name)
        throws ClassNotFoundException;
  protected Class findPackageManagerClass(String name,
        boolean fNameSpaceOnly) throws ClassNotFoundException;
  protected InputStream findPackageManagerResource(String name);
  public Object getSecurityContext();
  public ThreadGroup getThreadGroup();
  protected void setCodeBase(URL codeBase);
  protected void setPackageManagerNamespace(String namespace);
  protected void setThreadGroup(ThreadGroup tg);
}

This class provides methods that associate permissions with classes. You can specify the permissions and a java.security.Principal object to associate with a new class.

ClassLoader
  |
  +--SecurityClassLoader

Constructors

SecurityClassLoader

protected SecurityClassLoader();
Instantiates a new SecurityClassLoader instance.
Exceptions:
SecurityException if all of the callers on the current execution stack are not fully trusted.

Methods

defineClass

protected final synchronized Class defineClass( String name,byte data[],int
        offset,int length, PermissionSet permissions,Principal principal);
Converts an array of bytes into an instance of Class and associates the new class with a set of permissions and a principal.
Return Value:
Returns the Class object that was created from the data.

Parameter Description

name The expected name of the class, using "." (not "/") as a separator, and without a trailing .class suffix. This value will be null if the name is unknown.
data The bytes that make up the class.
offset The start offset of the class data.
length The length of the class data.
permissions The permissions to associate with the new class. The value can be null, in which case the new class will have no associated permissions.
principal The principal to associate with the new class. The value can be null, in which case the new class will have no associated principal.

Remarks:
This method is similar to the java.lang.Class.defineClass method with the added ability to associate a set of permissions with a class. As with the java.lang.Class.defineClass method, the class must be resolved before it can be used.
Exceptions:
ClassFormatError if the data does not contain a valid Class.

findPackageManagerClass

protected Class findPackageManagerClass(String name)
        throws ClassNotFoundException;
Finds a specified class from the package manager. Within the package manager, this method will search for the class in both the global namespace and the namespace associated with the loader (if any). Calling this method is equivalent to calling findPackageManagerClass(name,false).
Return Value:
Returns a package manager class with the specified name.

Parameter Description

name The name of the class.

Exceptions:
ClassNotFoundException if this method cannot find a definition for the class.

findPackageManagerClass

protected Class findPackageManagerClass(String name,boolean fNameSpaceOnly)
        throws ClassNotFoundException;
Finds a specified class from the package manager. If the class is found, it will be marked with the set of permissions that are associated with its package within the package manager. The principal associated with the class will be based on the principal that the package manager associates with its package.
Return Value:
Returns a package manager class with the specified name.

Parameter Description

name The name of the class.
fNameSpaceOnly The flag that indicates whether to ignore the global package manager namespace during the search for the class. If the value is true, only the package manager namespace associated with the class loader will be searched; otherwise, the global namespace and the package manager namespace will be searched.

Remarks:
The fNameSpaceOnly parameter can be used to force this method to look only in the package manager namespace associated with this loader. However, only rarely would you need to exclude the global namespace from the search path. Normally, you would pass false for the fNameSpaceOnly parameter, or simply use the findPackageManagerClass method that has only one parameter.
Exceptions:
ClassNotFoundException if this method cannot find a definition for the specified class.

findPackageManagerResource

protected InputStream findPackageManagerResource(String name);
Retrieves an InputStream associated with a package manager resource with the specified name. As with the findSystemResourceX APIs, this method expects the name to be separated with a "/". For example, the package manager resource name "my/sample/baz.gif" indicates the baz.gif file within the my.sample package.
Return Value:
Returns an InputStream associated with the resource, or null if the InputStream cannot be found.

Parameter Description

name The name of the resource to find.

getSecurityContext

public Object getSecurityContext();
Retrieves the security context object associated with the class loader. Currently, this returns the codebase URL.
Return Value:
Returns the codebase URL associated with the class loader.

getThreadGroup

public ThreadGroup getThreadGroup();
Retrieves the thread group associated with the loader.
Return Value:
Returns the thread group associated with the loader.

setCodeBase

protected void setCodeBase(URL codeBase);
Sets the codebase URL associated with the class loader. Call this method before using the loader to load classes.
Return Value:
No return value.

Parameter Description

codeBase The codebase URL to associate with the loader.

Exceptions:
SecurityException if the loader already has an associated codebase URL.

setPackageManagerNamespace

protected void setPackageManagerNamespace(String namespace);
Sets the package manager namespace associated with the loader.
Return Value:
No return value.

Parameter Description

namespace The name of the package manager namespace to associate with the loader.

Remarks:
All package management class and resource loads done by this loader will look in this explicitly-named namespace in addition to the default global package manager namespace.
Exceptions:
SecurityException if the loader already has an associated package manager namespace.

setThreadGroup

protected void setThreadGroup(ThreadGroup tg);
Sets the thread group associated with the class loader. Call this method before using the loader to load classes.
Return Value:
No return value.

Parameter Description

tg The thread group to associate with the class loader.

Exceptions:
SecurityException if the loader already has an associated ThreadGroup object.

Fields

codeBase

The codebase URL associated with code from the class loader.

threadGroup

The loader's thread group.

This thread group serves as the master thread group for all code associated with this class loader. For applets, each individual applet instance will have a sub-thread group of this thread group. The security system uses this thread group to determine the active context-based thread group at any given point.

For more details on how the security system uses this thread group, see the StandardSecurityManager.getThreadGroup method.