Java classloader and package mechanism (Prohibited package name: XXX)

If you encounter this problem: prohibited package name:

You can refer to the followingArticle:

To gain an in-depth understanding of the classloader mechanism of Java, we will first do the following experiment:

Package java. Lang;
Public class test {
Public static void main (string [] ARGs ){
Char [] C = "1234567890". tochararray ();
String S =New String (0, 10, c );
}
}

The string class has a constructor with the package permission.String (INT offset, int length, char [] array)According to the default access permission, because test belongs to the java. lang package, this constructor of string should be accessible theoretically.Compiled!The execution result is as follows:

Exception in thread "Main"
Java. Lang. securityexception : Prohibited package name:
Java. Lang
At java. Lang. classloader. defineclass (unknown source)
At java. Security. secureclassloader. defineclass (unknown source)
At java.net. urlclassloader. defineclass (unknown source)
At java.net. urlclassloader. Access $100 (unknown source)
At java.net. urlclassloader $ 1.run( unknown source)
At java. Security. accesscontroller. doprivileged (native method)
At java.net. urlclassloader. findclass (unknown source)
At java. Lang. classloader. loadclass (unknown source)
At sun. Misc. launcher $ appclassloader. loadclass (unknown source)
At java. Lang. classloader. loadclass (unknown source)
At java. Lang. classloader. loadclassinternal (unknown source)

Strange? To find out why securityexception occurs, you must understand the classloader mechanism.

Java classloader is used to dynamically load classes. classloader loads a class only once. There are four types of classloader used by JVM:

Start the class loader, standard extension class loader, and class path LoaderAndNetwork Class Loader.

The priority of the four classloader types is from high to low.Parent-Child Assignment Model". Specifically, if a Network Class Loader is requested to load a java. lang. integer. It will first send the request to the class path loader at the upper level. If the returned result is loaded, the Network Class Loader will not load this java. lang. integer. If the class path loader at the upper level returns not loaded, it will load Java. lang. integer.

Similarly, after receiving the request (whether directly requesting loading or uploading the next-level classloader), the class path loader will first send the request to the standard extension class loader at the upper-level, in this way, the class loader has the highest priority if it finds Java in its own way. lang. the following classloader cannot load Java. lang. integer, although you write a java. lang. integer, trying to replace the Java of the core library. lang. integer is impossible, because the class you write cannot be loaded by the lower-layer classloader.

Let's talk about the package permission. The Java language specifies that, if there is no modifier for the class in the same package, the default package permission is used and the class in the package can be accessed. However, this is not accurate enough. To be exact,Only the class loaded by the same classloader has the preceding package permissions.For example, the start class loader loads java. Lang. string, and the class path loader loads java. Lang. Test Written by ourselves. They cannot access each other's methods with package permissions. This prevents malicious attacks.CodeThe package permission Method for accessing the core class.

Address: http://hi.baidu.com/lewutian/blog/item/c49744622b9a22d6e6113a75.html