This discussion is archived
2 Replies Latest reply: Jun 13, 2012 8:02 PM by 943385 RSS

Load class failed if using security manager

943385 Newbie
Currently Being Moderated
I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
Is this a bug of JDK1.6.32?

My Test Project as follow:

Customized SecurityManager class:CustSecurityManager
-----
import java.security.Permission;

public class CustSecurityManager extends SecurityManager {

@Override
public void checkPermission(Permission perm) {
// TODO Auto-generated method stub
System.out.println("checkPermission!");
}



}
-----


Customized Test class: ObjectFactoryTest
-----

import com.sun.org.apache.xalan.internal.utils.ConfigurationError;

public class ObjectFactoryTest {

/**
* @param args
* @throws ConfigurationError
* @throws ClassNotFoundException
* @throws
* @throws ClassNotFoundException
*/
public static void main(String[] args) throws ClassNotFoundException,
ConfigurationError {
// TODO Auto-generated method stub

System.out.println("Start...");
testLoadClassSuccess();
testLoadClassFailed();
System.out.println("End...");

}

*//this method doesn't use SecurityManager, and it can load the class successfully*
public static void testLoadClassSuccess() throws ClassNotFoundException,
ConfigurationError {
Class clazz = com.sun.org.apache.xalan.internal.utils.ObjectFactory
.findProviderClass("ObjectFactoryTest", true);
System.out.println(clazz.getName());
}

*//this method uses SecurityManager, and it can't load the class*
public static void testLoadClassFailed() {
System.setSecurityManager(new CustSecurityManager());*
Class clazz;
try {
clazz = com.sun.org.apache.xalan.internal.utils.ObjectFactory
.findProviderClass("ObjectFactoryTest", true);
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (ConfigurationError e) {
e.printStackTrace();
}

}

}
-----
  • 1. Re: Load class failed if using security manager
    EJP Guru
    Currently Being Moderated
    I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
    Why?
    I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
    Not surprising.
    Is this a bug of JDK1.6.32?
    No, it is a reflection of the fact that you're not supposed to use private sun and com.sun classes. There's no guarantee they will even be there in the next release. This is well documented.
  • 2. Re: Load class failed if using security manager
    943385 Newbie
    Currently Being Moderated
    Thanks for your replying!
    EJP wrote:
    I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
    Why?
    I used the Ant(1.7.1) plugin in Elcipse 3.6.2 to generate JUnit report, and it used this method and failed in generating report.
    (But if I do this outside of Eclipse, it do can get the report!)
    To find out the reason, I debugged and followed this process, it's due to that Ant has set security manager before this method is called!
    So I do the simple test of the above.

    junit-frames.xsl used in my project as follow
    -----
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
    xmlns:lxslt="http://xml.apache.org/xslt"
    xmlns:redirect="http://xml.apache.org/xalan/redirect"
    xmlns:stringutils="xalan://org.apache.tools.ant.util.StringUtils"
    extension-element-prefixes="redirect">
    ****Omission****
    -----
    when xalan parserin jdk 1.6.32 parses xmlns:stringutils="xalan://org.apache.tools.ant.util.StringUtils" , it can't load org.apache.tools.ant.util.StringUtils

    according to my debugging, the first Exception was thrown in the following class.

    -----
    com.sun.org.apache.xalan.internal.xsltc.compiler.FunctionCall.class
    public Type typeCheck(SymbolTable stable)
         throws TypeCheckError
    {
    ****Omission****
    if (_className != null && _className.length() > 0) {
                   try {
    clazz = ObjectFactory.findProviderClass(className, true);*     
         namespaceformat = NAMESPACE_FORMAT_CLASS;
                   }
                   catch (ClassNotFoundException e) {
                   namespaceformat = NAMESPACE_FORMAT_PACKAGE;     
              }
              }
    ****Omission****
    -----

    clazz = ObjectFactory.findProviderClass(className, true);* this method throwed out java.lang.ClassNotFoundException.
    I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
    Not surprising.
    Is this a bug of JDK1.6.32?
    No, it is a reflection of the fact that you're not supposed to use private sun and com.sun classes. There's no guarantee they will even be there in the next release. This is well documented.
    Can you give me the relevant documents?

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points