This class adds protected methods to those defined by ClassLoader . The defineClass( ) method is passed the bytes of a class file as a byte[ ] or, in Java 5.0, as a ByteBuffer and a CodeSource object that represents the source of that class. It calls the getPermissions( ) method to obtain a PermissionCollection for that CodeSource and then uses the CodeSource and PermissionCollection to create a ProtectionDomain , which is passed to the defineClass( ) method of its superclass. The default implementation of the getPermissions( ) method uses the default Policy to determine the appropriate set of permissions for a given code source. The value of SecureClassLoader is that subclasses can use its defineClass( ) method to load classes without having to work explicitly with the ProtectionDomain and Policy classes. A subclass of SecureClassLoader can define its own security policy by overriding getPermissions( ) . In Java 1.2 and later, any application that implements a custom class loader should do so by extending SecureClassLoader , instead of subclassing ClassLoader directly. Most applications can use java.net.URLClassLoader , however, and never have to subclass this class. Figure 14-35. java.security.SecureClassLoaderpublic class SecureClassLoader extends ClassLoader { // Protected Constructors protected SecureClassLoader ( ); protected SecureClassLoader (ClassLoader parent ); // Protected Instance Methods 5.0 protected final Class<?> defineClass (String name , java.nio.ByteBuffer b , CodeSource cs ); protected final Class<?> defineClass (String name , byte[ ] b , int off , int len , CodeSource cs ); protected PermissionCollection getPermissions (CodeSource codesource ); } Subclassesjava.net.URLClassLoader |