@see: 8.LoadJavaVM
调用JNI_CreateJavaVM时,加载属性 sun.boot.class.path 配置的包.
private static String bootClassPath =
System.getProperty("sun.boot.class.path");
private static class BootClassPathHolder {
static final URLClassPath bcp;
static {
URL[] urls;
if (bootClassPath != null) {
urls = AccessController.doPrivileged(
new PrivilegedAction<URL[]>() {
public URL[] run() {
File[] classPath = getClassPath(bootClassPath);
int len = classPath.length;
Set<File> seenDirs = new HashSet<File>();
for (int i = 0; i < len; i++) {
File curEntry = classPath[i];
// Negative test used to properly handle
// nonexistent jars on boot class path
if (!curEntry.isDirectory()) {
curEntry = curEntry.getParentFile();
}
if (curEntry != null && seenDirs.add(curEntry)) {
MetaIndex.registerDirectory(curEntry);
}
}
return pathToURLs(classPath);
}
}
);
} else {
urls = new URL[0];
}
//缓存URLClassPath,并将ClassLoader绑定到URLClassPath,BootstrapClassLoader为null
bcp = new URLClassPath(urls, factory);
bcp.initLookupCache(null);
}
}
public static URLClassPath getBootstrapClassPath() {
return BootClassPathHolder.bcp;
}
可通过sun.misc.Launcher::getBootstrapClassPath查看:
import java.net.URL;
public class Program {
public static void main(String args[]) {
URL [] urls=sun.misc.Launcher.getBootstrapClassPath().getURLs();
for (URL url:urls) {
System.out.println(url.toExternalForm() );
}
}
}
file:/C:/Tools/Java/open-jre1.8.0_202/lib/resources.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/rt.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/sunrsasign.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/jsse.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/jce.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/charsets.jar
file:/C:/Tools/Java/open-jre1.8.0_202/lib/jfr.jar
file:/C:/Tools/Java/open-jre1.8.0_202/classes
首先创建URLStreamHandlerFactory用于根据不同协议加载不同的处理句柄(Class类),资源文件可以来自于本地文件或者网络
协议包含:file | ftp | http | https | jar | mailto | netdoc
句柄所在包:sun.net.www.protocol.${protocol}.Handler
private static URLStreamHandlerFactory factory = new Factory();
/*
* The stream handler factory for loading system protocol handlers.
*/
private static class Factory implements URLStreamHandlerFactory {
private static String PREFIX = "sun.net.www.protocol";
public URLStreamHandler createURLStreamHandler(String protocol) {
String name = PREFIX + "." + protocol + ".Handler";
try {
Class<?> c = Class.forName(name);
return (URLStreamHandler)c.newInstance();
} catch (ReflectiveOperationException e) {
throw new InternalError("could not load " + protocol +
"system protocol handler", e);
}
}
}
通过static定义Launcher变量,class加载时自动初始化
private static Launcher launcher = new Launcher();
public static Launcher getLauncher() {
return launcher;
}
创建ExtClassLoader
// Create the extension class loader
ClassLoader extcl;
try {
extcl = ExtClassLoader.getExtClassLoader();
} catch (IOException e) {
throw new InternalError(
"Could not create extension class loader", e);
}
ExtClassLoader作为sun.misc.Launcher的私有静态内部类继承自URLClassLoader,加载系统属性"java.ext.dirs"配置的jar
java.ext.dirs:
C:\Program Files\Java\jre1.8.0_201\lib\ext
C:\WINDOWS\Sun\Java\lib\ext
/*
* The class loader used for loading installed extensions.
*/
static class ExtClassLoader extends URLClassLoader {
static {
//通过Reflection.getCallerClass()获取到ExtLoader的Class对象
//判断是否是ClassLoader.class的子类
//如果是,将ExtClassLoader添加到ClassLoader$ParallelLoaders持有的Set<Class<? extends ClassLoader>> loaderTypes中
ClassLoader.registerAsParallelCapable();
}
/**
* create an ExtClassLoader. The ExtClassLoader is created
* within a context that limits which files it can read
*/
public static ExtClassLoader getExtClassLoader() throws IOException
{
final File[] dirs = getExtDirs();
try {
// Prior implementations of this doPrivileged() block supplied
// aa synthesized ACC via a call to the private method
// ExtClassLoader.getContext().
//以享有“特权”的方式执行run方法中的代码
// MetaIndex.registerDirectory()
// new ExtClassLoader()
return AccessController.doPrivileged(
//run()方法需要抛出异常时使用PrivilegedExceptionAction,
//否则使用PrivilegedAction
new PrivilegedExceptionAction<ExtClassLoader>() {
public ExtClassLoader run() throws IOException {
int len = dirs.length;
for (int i = 0; i < len; i++) {
MetaIndex.registerDirectory(dirs[i]);
}
return new ExtClassLoader(dirs);
}
});
} catch (java.security.PrivilegedActionException e) {
throw (IOException) e.getException();
}
}
void addExtURL(URL url) {
super.addURL(url);
}
/*
* Creates a new ExtClassLoader for the specified directories.
*/
public ExtClassLoader(File[] dirs) throws IOException {
//委派的父类加载器为null代表:BootStrapClassLoader
super(getExtURLs(dirs), null, factory);
//校验URLClassPath是否缓存成功,并将ClassLoader绑定到URLClassPath
SharedSecrets.getJavaNetAccess().
getURLClassPath(this).initLookupCache(this);
}
//从环境变量java.ext.dirs读取ExtClassLoader负责加载的源文件(以';'分隔符隔开)
private static File[] getExtDirs() {
String s = System.getProperty("java.ext.dirs");
File[] dirs;
if (s != null) {
StringTokenizer st =
new StringTokenizer(s, File.pathSeparator);
int count = st.countTokens();
dirs = new File[count];
for (int i = 0; i < count; i++) {
dirs[i] = new File(st.nextToken());
}
} else {
dirs = new File[0];
}
return dirs;
}
private static URL[] getExtURLs(File[] dirs) throws IOException {
Vector<URL> urls = new Vector<URL>();
for (int i = 0; i < dirs.length; i++) {
//列出各个jar中的文件名列表
String[] files = dirs[i].list();
if (files != null) {
for (int j = 0; j < files.length; j++) {
//获取所有class文件的URL存储到同步列表中
if (!files[j].equals("meta-index")) {
File f = new File(dirs[i], files[j]);
//获取文件的getCanonicalFile() -> getCanonicalFile -> getCanonicalPath
//@see: https://blog.csdn.net/cockroach02/article/details/80445570
urls.add(getFileURL(f));
}
}
}
}
//将同步列表的数据转储到数组中,提高性能
URL[] ua = new URL[urls.size()];
urls.copyInto(ua);
return ua;
}
/*
* Searches the installed extension directories for the specified
* library name. For each extension directory, we first look for
* the native library in the subdirectory whose name is the value
* of the system property <code>os.arch</code>. Failing that, we
* look in the extension directory itself.
*/
//根据名称获取library绝对路径
public String findLibrary(String name) {
name = System.mapLibraryName(name);
URL[] urls = super.getURLs();
File prevDir = null;
for (int i = 0; i < urls.length; i++) {
// Get the ext directory from the URL
File dir = new File(urls[i].getPath()).getParentFile();
if (dir != null && !dir.equals(prevDir)) {
// Look in architecture-specific subdirectory first
// Read from the saved system properties to avoid deadlock
String arch = VM.getSavedProperty("os.arch");
if (arch != null) {
File file = new File(new File(dir, arch), name);
if (file.exists()) {
return file.getAbsolutePath();
}
}
// Then check the extension directory
File file = new File(dir, name);
if (file.exists()) {
return file.getAbsolutePath();
}
}
prevDir = dir;
}
return null;
}
//创建访问控制上下文
private static AccessControlContext getContext(File[] dirs)
throws IOException
{
PathPermissions perms =
new PathPermissions(dirs);
ProtectionDomain domain = new ProtectionDomain(
new CodeSource(perms.getCodeBase(),
(java.security.cert.Certificate[]) null),
perms);
AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { domain });
return acc;
}
}
创建AppClassLoader,将ExtClassLoader设置为委派的父类加载器,将AppClassLoader设置为主线程(原始线程)的上下文类加载器
// Now create the class loader to use to launch the application
try {
loader = AppClassLoader.getAppClassLoader(extcl);
} catch (IOException e) {
throw new InternalError(
"Could not create application class loader", e);
}
// Also set the context class loader for the primordial thread.
Thread.currentThread().setContextClassLoader(loader);
AppClassLoader作为sun.misc.Launcher的私有静态内部类继承自URLClassLoader,加载系统属性"java.class.path"配置的jar
java.class.path:
.
C:\Program Files\Java\jdk1.8.0_172\lib
C:\Program Files\Java\jdk1.8.0_172\lib\dt.jar
C:\Program Files\Java\jdk1.8.0_172\tools.jar
/**
* The class loader used for loading from java.class.path.
* runs in a restricted security context.
*/
static class AppClassLoader extends URLClassLoader {
static {
ClassLoader.registerAsParallelCapable();
}
public static ClassLoader getAppClassLoader(final ClassLoader extcl)
throws IOException
{
final String s = System.getProperty("java.class.path");
final File[] path = (s == null) ? new File[0] : getClassPath(s);
// Note: on bugid 4256530
// Prior implementations of this doPrivileged() block supplied
// a rather restrictive ACC via a call to the private method
// AppClassLoader.getContext(). This proved overly restrictive
// when loading classes. Specifically it prevent
// accessClassInPackage.sun.* grants from being honored.
//
return AccessController.doPrivileged(
new PrivilegedAction<AppClassLoader>() {
public AppClassLoader run() {
URL[] urls =
(s == null) ? new URL[0] : pathToURLs(path);
return new AppClassLoader(urls, extcl);
}
});
}
final URLClassPath ucp;
/*
* Creates a new AppClassLoader
*/
AppClassLoader(URL[] urls, ClassLoader parent) {
super(urls, parent, factory);
ucp = SharedSecrets.getJavaNetAccess().getURLClassPath(this);
ucp.initLookupCache(this);
}
/**
* Override loadClass so we can checkPackageAccess.
*/
public Class<?> loadClass(String name, boolean resolve)
throws ClassNotFoundException
{
int i = name.lastIndexOf('.');
if (i != -1) {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPackageAccess(name.substring(0, i));
}
}
//判断class是否已经存在于URLClassPath中
if (ucp.knownToNotExist(name)) {
// The class of the given name is not found in the parent
// class loader as well as its local URLClassPath.
// Check if this class has already been defined dynamically;
// if so, return the loaded class; otherwise, skip the parent
// delegation and findClass.
//检查class是否已经加载过
Class<?> c = findLoadedClass(name);
if (c != null) {
if (resolve) {
//将类中的符号引用替换为直接引用
resolveClass(c);
}
return c;
}
throw new ClassNotFoundException(name);
}
//检查委派父类加载器中是否加载过该class,如果有直接返回
//如果没有,调用findClass查找class字节码文件,不存在抛出ClassNotFoundException
//如果存在,调用defineClass获取Class对象
return (super.loadClass(name, resolve));
}
/**
* allow any classes loaded from classpath to exit the VM.
*/
protected PermissionCollection getPermissions(CodeSource codesource)
{
PermissionCollection perms = super.getPermissions(codesource);
perms.add(new RuntimePermission("exitVM"));
return perms;
}
/**
* This class loader supports dynamic additions to the class path
* at runtime.
*
* @see java.lang.instrument.Instrumentation#appendToSystemClassPathSearch
*/
private void appendToClassPathForInstrumentation(String path) {
assert(Thread.holdsLock(this));
// addURL is a no-op if path already contains the URL
super.addURL( getFileURL(new File(path)) );
}
/**
* create a context that can read any directories (recursively)
* mentioned in the class path. In the case of a jar, it has to
* be the directory containing the jar, not just the jar, as jar
* files might refer to other jar files.
*/
private static AccessControlContext getContext(File[] cp)
throws java.net.MalformedURLException
{
PathPermissions perms =
new PathPermissions(cp);
ProtectionDomain domain =
new ProtectionDomain(new CodeSource(perms.getCodeBase(),
(java.security.cert.Certificate[]) null),
perms);
AccessControlContext acc =
new AccessControlContext(new ProtectionDomain[] { domain });
return acc;
}
}
java.lang.ClassLoader::loadClass,双亲委派模型,在双亲中未发现class,调用findClass查找字节码文件
// -- Class --
/**
* Loads the class with the specified <a href="#name">binary name</a>.
* This method searches for classes in the same manner as the {@link
* #loadClass(String, boolean)} method. It is invoked by the Java virtual
* machine to resolve class references. Invoking this method is equivalent
* to invoking {@link #loadClass(String, boolean) <tt>loadClass(name,
* false)</tt>}.
*
* @param name
* The <a href="#name">binary name</a> of the class
*
* @return The resulting <tt>Class</tt> object
*
* @throws ClassNotFoundException
* If the class was not found
*/
public Class<?> loadClass(String name) throws ClassNotFoundException {
return loadClass(name, false);
}
/**
* Loads the class with the specified <a href="#name">binary name</a>. The
* default implementation of this method searches for classes in the
* following order:
*
* <ol>
*
* <li><p> Invoke {@link #findLoadedClass(String)} to check if the class
* has already been loaded. </p></li>
*
* <li><p> Invoke the {@link #loadClass(String) <tt>loadClass</tt>} method
* on the parent class loader. If the parent is <tt>null</tt> the class
* loader built-in to the virtual machine is used, instead. </p></li>
*
* <li><p> Invoke the {@link #findClass(String)} method to find the
* class. </p></li>
*
* </ol>
*
* <p> If the class was found using the above steps, and the
* <tt>resolve</tt> flag is true, this method will then invoke the {@link
* #resolveClass(Class)} method on the resulting <tt>Class</tt> object.
*
* <p> Subclasses of <tt>ClassLoader</tt> are encouraged to override {@link
* #findClass(String)}, rather than this method. </p>
*
* <p> Unless overridden, this method synchronizes on the result of
* {@link #getClassLoadingLock <tt>getClassLoadingLock</tt>} method
* during the entire class loading process.
*
* @param name
* The <a href="#name">binary name</a> of the class
*
* @param resolve
* If <tt>true</tt> then resolve the class
*
* @return The resulting <tt>Class</tt> object
*
* @throws ClassNotFoundException
* If the class could not be found
*/
protected Class<?> loadClass(String name, boolean resolve)
throws ClassNotFoundException
{
synchronized (getClassLoadingLock(name)) {
// First, check if the class has already been loaded
Class<?> c = findLoadedClass(name);
if (c == null) {
long t0 = System.nanoTime();
try {
if (parent != null) {
c = parent.loadClass(name, false);
} else {
c = findBootstrapClassOrNull(name);
}
} catch (ClassNotFoundException e) {
// ClassNotFoundException thrown if class not found
// from the non-null parent class loader
}
if (c == null) {
// If still not found, then invoke findClass in order
// to find the class.
long t1 = System.nanoTime();
c = findClass(name);
// this is the defining class loader; record the stats
sun.misc.PerfCounter.getParentDelegationTime().addTime(t1 - t0);
sun.misc.PerfCounter.getFindClassTime().addElapsedTimeFrom(t1);
sun.misc.PerfCounter.getFindClasses().increment();
}
}
if (resolve) {
resolveClass(c);
}
return c;
}
}
java.net.URLClassLoader::findClass查找字节码文件,如果存在调用defineClass获取Class对象
/**
* Finds and loads the class with the specified name from the URL search
* path. Any URLs referring to JAR files are loaded and opened as needed
* until the class is found.
*
* @param name the name of the class
* @return the resulting class
* @exception ClassNotFoundException if the class could not be found,
* or if the loader is closed.
* @exception NullPointerException if {@code name} is {@code null}.
*/
protected Class<?> findClass(final String name)
throws ClassNotFoundException
{
final Class<?> result;
try {
result = AccessController.doPrivileged(
new PrivilegedExceptionAction<Class<?>>() {
public Class<?> run() throws ClassNotFoundException {
String path = name.replace('.', '/').concat(".class");
Resource res = ucp.getResource(path, false);
if (res != null) {
try {
return defineClass(name, res);
} catch (IOException e) {
throw new ClassNotFoundException(name, e);
}
} else {
return null;
}
}
}, acc);
} catch (java.security.PrivilegedActionException pae) {
throw (ClassNotFoundException) pae.getException();
}
if (result == null) {
throw new ClassNotFoundException(name);
}
return result;
}
java.net.URLClassLoader::defineClass向上调用父类SecureClassLoader的defineClass
/*
* Defines a Class using the class bytes obtained from the specified
* Resource. The resulting Class must be resolved before it can be
* used.
*/
private Class<?> defineClass(String name, Resource res) throws IOException {
long t0 = System.nanoTime();
int i = name.lastIndexOf('.');
URL url = res.getCodeSourceURL();
if (i != -1) {
String pkgname = name.substring(0, i);
// Check if package already loaded.
Manifest man = res.getManifest();
definePackageInternal(pkgname, man, url);
}
// Now read the class bytes and define the class
java.nio.ByteBuffer bb = res.getByteBuffer();
if (bb != null) {
// Use (direct) ByteBuffer:
CodeSigner[] signers = res.getCodeSigners();
CodeSource cs = new CodeSource(url, signers);
sun.misc.PerfCounter.getReadClassBytesTime().addElapsedTimeFrom(t0);
return defineClass(name, bb, cs);
} else {
byte[] b = res.getBytes();
// must read certificates AFTER reading bytes.
CodeSigner[] signers = res.getCodeSigners();
CodeSource cs = new CodeSource(url, signers);
sun.misc.PerfCounter.getReadClassBytesTime().addElapsedTimeFrom(t0);
return defineClass(name, b, 0, b.length, cs);
}
}
java.security.SecureClassLoader::defineClass继续向上调用父类ClassLoader的defineClass
/**
* Converts an array of bytes into an instance of class Class,
* with an optional CodeSource. Before the
* class can be used it must be resolved.
* <p>
* If a non-null CodeSource is supplied a ProtectionDomain is
* constructed and associated with the class being defined.
* <p>
* @param name the expected name of the class, or {@code null}
* if not known, using '.' and not '/' as the separator
* and without a trailing ".class" suffix.
* @param b the bytes that make up the class data. The bytes in
* positions {@code off} through {@code off+len-1}
* should have the format of a valid class file as defined by
* <cite>The Java™ Virtual Machine Specification</cite>.
* @param off the start offset in {@code b} of the class data
* @param len the length of the class data
* @param cs the associated CodeSource, or {@code null} if none
* @return the {@code Class} object created from the data,
* and optional CodeSource.
* @exception ClassFormatError if the data did not contain a valid class
* @exception IndexOutOfBoundsException if either {@code off} or
* {@code len} is negative, or if
* {@code off+len} is greater than {@code b.length}.
*
* @exception SecurityException if an attempt is made to add this class
* to a package that contains classes that were signed by
* a different set of certificates than this class, or if
* the class name begins with "java.".
*/
protected final Class<?> defineClass(String name,
byte[] b, int off, int len,
CodeSource cs)
{
return defineClass(name, b, off, len, getProtectionDomain(cs));
}
/**
* Converts a {@link java.nio.ByteBuffer ByteBuffer}
* into an instance of class {@code Class}, with an optional CodeSource.
* Before the class can be used it must be resolved.
* <p>
* If a non-null CodeSource is supplied a ProtectionDomain is
* constructed and associated with the class being defined.
* <p>
* @param name the expected name of the class, or {@code null}
* if not known, using '.' and not '/' as the separator
* and without a trailing ".class" suffix.
* @param b the bytes that make up the class data. The bytes from positions
* {@code b.position()} through {@code b.position() + b.limit() -1}
* should have the format of a valid class file as defined by
* <cite>The Java™ Virtual Machine Specification</cite>.
* @param cs the associated CodeSource, or {@code null} if none
* @return the {@code Class} object created from the data,
* and optional CodeSource.
* @exception ClassFormatError if the data did not contain a valid class
* @exception SecurityException if an attempt is made to add this class
* to a package that contains classes that were signed by
* a different set of certificates than this class, or if
* the class name begins with "java.".
*
* @since 1.5
*/
protected final Class<?> defineClass(String name, java.nio.ByteBuffer b,
CodeSource cs)
{
return defineClass(name, b, getProtectionDomain(cs));
}
java.lang.ClassLoader::defineClass最终调用native方法defineClass{N}获取Class对象:
private native Class<?> defineClass0(String name, byte[] b, int off, int len, ProtectionDomain pd);
或:
private native Class<?> defineClass1(String name, byte[] b, int off, int len, ProtectionDomain pd, String source);
或:
private native Class<?> defineClass2(String name, java.nio.ByteBuffer b, int off, int len, ProtectionDomain pd, String source);
/**
* Converts an array of bytes into an instance of class <tt>Class</tt>,
* with an optional <tt>ProtectionDomain</tt>. If the domain is
* <tt>null</tt>, then a default domain will be assigned to the class as
* specified in the documentation for {@link #defineClass(String, byte[],
* int, int)}. Before the class can be used it must be resolved.
*
* <p> The first class defined in a package determines the exact set of
* certificates that all subsequent classes defined in that package must
* contain. The set of certificates for a class is obtained from the
* {@link java.security.CodeSource <tt>CodeSource</tt>} within the
* <tt>ProtectionDomain</tt> of the class. Any classes added to that
* package must contain the same set of certificates or a
* <tt>SecurityException</tt> will be thrown. Note that if
* <tt>name</tt> is <tt>null</tt>, this check is not performed.
* You should always pass in the <a href="#name">binary name</a> of the
* class you are defining as well as the bytes. This ensures that the
* class you are defining is indeed the class you think it is.
*
* <p> The specified <tt>name</tt> cannot begin with "<tt>java.</tt>", since
* all classes in the "<tt>java.*</tt> packages can only be defined by the
* bootstrap class loader. If <tt>name</tt> is not <tt>null</tt>, it
* must be equal to the <a href="#name">binary name</a> of the class
* specified by the byte array "<tt>b</tt>", otherwise a {@link
* NoClassDefFoundError <tt>NoClassDefFoundError</tt>} will be thrown. </p>
*
* @param name
* The expected <a href="#name">binary name</a> of the class, or
* <tt>null</tt> if not known
*
* @param b
* The bytes that make up the class data. The bytes in positions
* <tt>off</tt> through <tt>off+len-1</tt> should have the format
* of a valid class file as defined by
* <cite>The Java™ Virtual Machine Specification</cite>.
*
* @param off
* The start offset in <tt>b</tt> of the class data
*
* @param len
* The length of the class data
*
* @param protectionDomain
* The ProtectionDomain of the class
*
* @return The <tt>Class</tt> object created from the data,
* and optional <tt>ProtectionDomain</tt>.
*
* @throws ClassFormatError
* If the data did not contain a valid class
*
* @throws NoClassDefFoundError
* If <tt>name</tt> is not equal to the <a href="#name">binary
* name</a> of the class specified by <tt>b</tt>
*
* @throws IndexOutOfBoundsException
* If either <tt>off</tt> or <tt>len</tt> is negative, or if
* <tt>off+len</tt> is greater than <tt>b.length</tt>.
*
* @throws SecurityException
* If an attempt is made to add this class to a package that
* contains classes that were signed by a different set of
* certificates than this class, or if <tt>name</tt> begins with
* "<tt>java.</tt>".
*/
protected final Class<?> defineClass(String name, byte[] b, int off, int len,
ProtectionDomain protectionDomain)
throws ClassFormatError
{
//1. 校验name的有效性,为null或空,不包含'/'且不以'['开始,不以'java.'开始
//2. 设置保护域
//3. 校验签名,和同包下的其他class签名做比较
protectionDomain = preDefineClass(name, protectionDomain);
//返回CodeSource的位置路径
String source = defineClassSourceLocation(protectionDomain);
//调用native方法生成Class对象
Class<?> c = defineClass1(name, b, off, len, protectionDomain, source);
//给class设置签名
postDefineClass(c, protectionDomain);
return c;
}
/**
* Converts a {@link java.nio.ByteBuffer <tt>ByteBuffer</tt>}
* into an instance of class <tt>Class</tt>,
* with an optional <tt>ProtectionDomain</tt>. If the domain is
* <tt>null</tt>, then a default domain will be assigned to the class as
* specified in the documentation for {@link #defineClass(String, byte[],
* int, int)}. Before the class can be used it must be resolved.
*
* <p>The rules about the first class defined in a package determining the
* set of certificates for the package, and the restrictions on class names
* are identical to those specified in the documentation for {@link
* #defineClass(String, byte[], int, int, ProtectionDomain)}.
*
* <p> An invocation of this method of the form
* <i>cl</i><tt>.defineClass(</tt><i>name</i><tt>,</tt>
* <i>bBuffer</i><tt>,</tt> <i>pd</i><tt>)</tt> yields exactly the same
* result as the statements
*
*<p> <tt>
* ...<br>
* byte[] temp = new byte[bBuffer.{@link
* java.nio.ByteBuffer#remaining remaining}()];<br>
* bBuffer.{@link java.nio.ByteBuffer#get(byte[])
* get}(temp);<br>
* return {@link #defineClass(String, byte[], int, int, ProtectionDomain)
* cl.defineClass}(name, temp, 0,
* temp.length, pd);<br>
* </tt></p>
*
* @param name
* The expected <a href="#name">binary name</a>. of the class, or
* <tt>null</tt> if not known
*
* @param b
* The bytes that make up the class data. The bytes from positions
* <tt>b.position()</tt> through <tt>b.position() + b.limit() -1
* </tt> should have the format of a valid class file as defined by
* <cite>The Java™ Virtual Machine Specification</cite>.
*
* @param protectionDomain
* The ProtectionDomain of the class, or <tt>null</tt>.
*
* @return The <tt>Class</tt> object created from the data,
* and optional <tt>ProtectionDomain</tt>.
*
* @throws ClassFormatError
* If the data did not contain a valid class.
*
* @throws NoClassDefFoundError
* If <tt>name</tt> is not equal to the <a href="#name">binary
* name</a> of the class specified by <tt>b</tt>
*
* @throws SecurityException
* If an attempt is made to add this class to a package that
* contains classes that were signed by a different set of
* certificates than this class, or if <tt>name</tt> begins with
* "<tt>java.</tt>".
*
* @see #defineClass(String, byte[], int, int, ProtectionDomain)
*
* @since 1.5
*/
protected final Class<?> defineClass(String name, java.nio.ByteBuffer b,
ProtectionDomain protectionDomain)
throws ClassFormatError
{
int len = b.remaining();
// Use byte[] if not a direct ByteBufer:
if (!b.isDirect()) {
if (b.hasArray()) {
return defineClass(name, b.array(),
b.position() + b.arrayOffset(), len,
protectionDomain);
} else {
// no array, or read-only array
byte[] tb = new byte[len];
b.get(tb); // get bytes out of byte buffer.
return defineClass(name, tb, 0, len, protectionDomain);
}
}
protectionDomain = preDefineClass(name, protectionDomain);
String source = defineClassSourceLocation(protectionDomain);
Class<?> c = defineClass2(name, b, b.position(), len, protectionDomain, source);
postDefineClass(c, protectionDomain);
return c;
}
根据系统属性"java.security.manager"加载相应的SecurityManager:
- 如果属性"java.security.manager"为:null,不加载
- 如果属性"java.security.manager"为:"" | “default”,加载系统默认SecurityManager
- 如果属性"java.security.manager"为:Class Name,加载Class并实例化
如果为 2,3 两种情况,将其设置为系统SecurityManager
// Finally, install a security manager if requested
String s = System.getProperty("java.security.manager");
if (s != null) {
SecurityManager sm = null;
if ("".equals(s) || "default".equals(s)) {
sm = new java.lang.SecurityManager();
} else {
try {
sm = (SecurityManager)loader.loadClass(s).newInstance();
} catch (IllegalAccessException e) {
} catch (InstantiationException e) {
} catch (ClassNotFoundException e) {
} catch (ClassCastException e) {
}
}
if (sm != null) {
System.setSecurityManager(sm);
} else {
throw new InternalError(
"Could not create SecurityManager: " + s);
}
}
}
The AccessController class is used for access control operations and decisions.
More specifically, the AccessController class is used for three purposes:
to decide whether an access to a critical system resource is to be allowed or denied, based on the security policy currently in effect,
to mark code as being "privileged", thus affecting subsequent access determinations, and
to obtain a "snapshot" of the current calling context so access-control decisions from a different context can be made with respect to the saved context.
@see: https://docs.oracle.com/javase/8/docs/api/java/security/AccessController.html
AccessController 类用于与访问控制相关的操作和决定。
更确切地说,AccessController 类用于以下三个目的:
基于当前生效的安全策略决定是允许还是拒绝对关键系统资源的访问,
将代码标记为享有“特权”,从而影响后续访问决定,以及
获取当前调用上下文的“快照”,这样即可相对于已保存的上下文作出其他上下文的访问控制决定。
@see: http://www.cjsdn.net/Doc/JDK60../java/security/AccessController.html
当 new 一个ClassLoader时:
- parent为null,默认父类加载器为BootstrapClassLoader。
- parent未指定,默认父类加载器为getSystemClassLoader(),即AppClassLoader。
/**
* Creates a new class loader using the specified parent class loader for
* delegation.
*
* <p> If there is a security manager, its {@link
* SecurityManager#checkCreateClassLoader()
* <tt>checkCreateClassLoader</tt>} method is invoked. This may result in
* a security exception. </p>
*
* @param parent
* The parent class loader
*
* @throws SecurityException
* If a security manager exists and its
* <tt>checkCreateClassLoader</tt> method doesn't allow creation
* of a new class loader.
*
* @since 1.2
*/
protected ClassLoader(ClassLoader parent) {
this(checkCreateClassLoader(), parent);
}
/**
* Creates a new class loader using the <tt>ClassLoader</tt> returned by
* the method {@link #getSystemClassLoader()
* <tt>getSystemClassLoader()</tt>} as the parent class loader.
*
* <p> If there is a security manager, its {@link
* SecurityManager#checkCreateClassLoader()
* <tt>checkCreateClassLoader</tt>} method is invoked. This may result in
* a security exception. </p>
*
* @throws SecurityException
* If a security manager exists and its
* <tt>checkCreateClassLoader</tt> method doesn't allow creation
* of a new class loader.
*/
protected ClassLoader() {
this(checkCreateClassLoader(), getSystemClassLoader());
}
import java.lang.String;
public class Program {
public static void main(String args[]) {
for (String arg : args) {
String value = System.getProperty(arg);
System.out.println(arg + ":");
if (value == null || value.trim().isEmpty()) {
System.out.println(value == null ? "(null)" : "(empty)");
System.out.println();
continue;
}
String[] paths = value.split(";");
for (String path : paths) {
System.out.println(path);
}
System.out.println();
}
}
}
F:\>java Program sun.boot.class.path java.ext.dirs java.class.path os.arch java.security.manager
sun.boot.class.path:
C:\Program Files\Java\jre1.8.0_201\lib\resources.jar
C:\Program Files\Java\jre1.8.0_201\lib\rt.jar
C:\Program Files\Java\jre1.8.0_201\lib\sunrsasign.jar
C:\Program Files\Java\jre1.8.0_201\lib\jsse.jar
C:\Program Files\Java\jre1.8.0_201\lib\jce.jar
C:\Program Files\Java\jre1.8.0_201\lib\charsets.jar
C:\Program Files\Java\jre1.8.0_201\lib\jfr.jar
C:\Program Files\Java\jre1.8.0_201\classes
java.ext.dirs:
C:\Program Files\Java\jre1.8.0_201\lib\ext
C:\WINDOWS\Sun\Java\lib\ext
java.class.path:
.
C:\Program Files\Java\jdk1.8.0_172\lib
C:\Program Files\Java\jdk1.8.0_172\lib\dt.jar
C:\Program Files\Java\jdk1.8.0_172\tools.jar
os.arch:
amd64
java.security.manager:
(null)
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
