![image.png](/uploads/projects/summerlu@jvm/ddcfeba0b2c708a0517580ad8dcf85be.png)
Long
伪装的java.lang.Long
package java.lang;
public class Long {
static {
System.out.println("I am bad Long.");
}
public Long(long value) {
}
}
LongDemo
package com.javabook.classloader.java.lang.security;
/**
* @author Summer Lu
* @email gmluyang@gmail.com
* @date 2014-8-25
*
*/
public class LongDemo {
/**
* @param args
*/
public static void main(String[] args) {
// 实际上代码无法加载这个伪装的Long,最终得到的还是JDK API中提供的Long
// 类加载器通过双亲委托模式,最终使用启动类加载器得到JDK API中提供的Long
Long badLong = new Long(1);
System.out.println("ClassLoader:" + badLong.getClass().getClassLoader());
}
}
LongDemo Console
ClassLoader:null
Virus
伪装成java.lang下的类
package java.lang;
public class Virus {
public void whoAmI() {
System.out.println("I am " + this.getClass() +
", load by [" + this.getClass().getClassLoader() + "]");
}
}
VirusDemo
package com.javabook.classloader.java.lang.security;
/**
* @author Summer Lu
* @email gmluyang@gmail.com
* @date 2014-8-25
*
*/
public class VirusDemo {
/**
* @param args
*/
public static void main(String[] args) {
// 和伪装的java.lang.Long不同,启动类加载器不能在JDK API中找到到Virus这个类
// ClassLoader.preDefineClass方法通过判断包路径来决定是否加载或抛出安全异常
// 当启动类加载器无法在java.*包路径中找以java作为包名的类则抛出安全异常
Virus virus = new Virus();
virus.whoAmI();
}
}
VirusDemo Console
Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.lang
at java.lang.ClassLoader.preDefineClass(ClassLoader.java:655)
at java.lang.ClassLoader.defineClass(ClassLoader.java:754)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:468)
at java.net.URLClassLoader.access$100(URLClassLoader.java:74)
at java.net.URLClassLoader$1.run(URLClassLoader.java:369)
at java.net.URLClassLoader$1.run(URLClassLoader.java:363)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:362)
at java.lang.ClassLoader.loadClass(ClassLoader.java:418)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:355)
at java.lang.ClassLoader.loadClass(ClassLoader.java:351)
at com.javabook.classloader.java.lang.security.VirusDemo.main(VirusDemo.java:20)