aspose file tools*
The moose likes Java in General and the fly likes classes in java.lang package Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "classes in java.lang package" Watch "classes in java.lang package" New topic
Author

classes in java.lang package

Rolf Kamp
Greenhorn

Joined: Feb 23, 2003
Posts: 1
Hi:
Fully realizing it is a security violation to try
and execute a class from the java.* package not written by the folks at java, I am trying to understand how/why java run time throws a
SecurityException when I attempt to load a class written by me as part of the java.lang package.
Consider the following class, part of the java.lang package:
package java.lang;
public class X {
public static void main(String a[]) {
System.out.println("running.\n");
}
}
When I attempt to execute this I get:
Exception in thread "main" java.lang.SecurityException: Prohibited
package name: java at java.lang.ClassLoader.defineClass(Unknown Source) at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$1(Unknown Source) at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
When I disassemble the class, I see:
javap -c java.lang.X
Compiled from X.java
public class java.lang.X extends java.lang.Object {
public java.lang.X();
public static void main(java.lang.String[]);
}
But when I disassemble a class from the "official" java.lang package I see:
javap -c java.lang.System
No sourcepublic final class java.lang.System extends java.lang.Object {
Some questions:
1) How does java runtime detect the difference between my class and an "official" class that is part of java.lang?
2) Why does java runtime enforce this SecurityException?
3) Why isn't this enforced for the javax package?
4) What's the "No sourcepublic" all about in the output from javap?
TIA
Rolf.
Maulin Vasavada
Ranch Hand

Joined: Nov 04, 2001
Posts: 1871
hi,
i guess i can try answering the second question.
the reason java.lang package declared by you is not allowed is security. if you are able to create such a package then you can basically make your class behave as a part of java.lang package provided by JVM right? and you can access all the classes with your package level access rights and spoof the functionality of the standard api classes which might have a malicious code. to prevent this they don't allow any package names that are part of API.
javax packages might be allowed as they are java extensions...
others please thro more light...
regards
maulin.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: classes in java.lang package