Search code examples
javaclassloader

MyClassLoader.defineClass java.lang.SecurityException: Prohibited package name: java.lang

I try to extend ClassLoader. My ClassLoader.loadClass is:

 protected synchronized Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {// i put "throw"s here to clean code below

        Class<?> result = null;


            byte[] bytes = null;
            try {
                bytes = getClassFromFS(pathToClass); //get .class file from file system in bytes[]
            } catch (FileNotFoundException ex) {
                Logger.getLogger(MyLoader.class.getName()).log(Level.SEVERE, null, ex);
            } catch (IOException ex) {
                Logger.getLogger(MyLoader.class.getName()).log(Level.SEVERE, null, ex);
            }
            System.out.println("MyLoader:мой loadClass загружает класс");
            return defineClass(name, bytes, 0, bytes.length); // the proplem is here !!!

        return super.loadClass(name, resolve); 
}

lines in the "main" thread 

/*first argument - path to file. File exist, I checked it*/
myClassLoader = new MyLoader("D:\\\\customclassloader\\ClassX.class", ClassLoader.getSystemClassLoader());
classX = (SimpleInterface) myClassLoader.loadClass("customclassloader.ClassX",true).newInstance();
</pre>
then I have exception 
<pre>Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.lang
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:650)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:786)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:635)
    at customclassloader.MyLoader.loadClass(MyLoader.java:61)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:792)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:635)// the proplem is here !!!
    at customclassloader.MyLoader.loadClass(MyLoader.java:61)
    at customclassloader.CustomClassLoader.main(CustomClassLoader.java:32)

ClassX:

package customclassloader;

/**
 *
 * @author roman
 */
public class ClassX {

    static {
        System.out.println("класс ClassX инициируеться");
    }

    public ClassX() {
        System.out.println("класс ClassX конструируеться");
    }

    public void f(){
        System.out.println("класс ClassX выполняет f();");
    }


}

I donn't understend.I name class "customclassloader.ClassX". Why do it show me the name "java.lang"? The ClassX.class compiled in the same project and the same package.

Solution

  • It shows java.lang because java.lang.Object is the superclass of all classes which the loader is trying to load.

    you can check this link for sample http://www.javaworld.com/jw-10-1996/jw-10-indepth.html?page=2

    " the next step is to check if the primordial class loader can resolve this class name. This check is essential to both the sanity and security of the system. For example, if you return your own instance of java.lang.Object to the caller, then this object will share no common superclass with any other object! The security of the system can be compromised if your class loader returned its own value of java.lang.SecurityManager, which did not have the same checks as the real one did. "