2 Replies Latest reply: Jun 13, 2012 8:02 PM by 943385 RSS

    Load class failed if using security manager

    943385
      I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
      I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
      Is this a bug of JDK1.6.32?

      My Test Project as follow:

      Customized SecurityManager class:CustSecurityManager
      -----
      import java.security.Permission;

      public class CustSecurityManager extends SecurityManager {

      @Override
      public void checkPermission(Permission perm) {
      // TODO Auto-generated method stub
      System.out.println("checkPermission!");
      }



      }
      -----


      Customized Test class: ObjectFactoryTest
      -----

      import com.sun.org.apache.xalan.internal.utils.ConfigurationError;

      public class ObjectFactoryTest {

      /**
      * @param args
      * @throws ConfigurationError
      * @throws ClassNotFoundException
      * @throws
      * @throws ClassNotFoundException
      */
      public static void main(String[] args) throws ClassNotFoundException,
      ConfigurationError {
      // TODO Auto-generated method stub

      System.out.println("Start...");
      testLoadClassSuccess();
      testLoadClassFailed();
      System.out.println("End...");

      }

      *//this method doesn't use SecurityManager, and it can load the class successfully*
      public static void testLoadClassSuccess() throws ClassNotFoundException,
      ConfigurationError {
      Class clazz = com.sun.org.apache.xalan.internal.utils.ObjectFactory
      .findProviderClass("ObjectFactoryTest", true);
      System.out.println(clazz.getName());
      }

      *//this method uses SecurityManager, and it can't load the class*
      public static void testLoadClassFailed() {
      System.setSecurityManager(new CustSecurityManager());*
      Class clazz;
      try {
      clazz = com.sun.org.apache.xalan.internal.utils.ObjectFactory
      .findProviderClass("ObjectFactoryTest", true);
      } catch (ClassNotFoundException e) {
      e.printStackTrace();
      } catch (ConfigurationError e) {
      e.printStackTrace();
      }

      }

      }
      -----
        • 1. Re: Load class failed if using security manager
          EJP
          I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
          Why?
          I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
          Not surprising.
          Is this a bug of JDK1.6.32?
          No, it is a reflection of the fact that you're not supposed to use private sun and com.sun classes. There's no guarantee they will even be there in the next release. This is well documented.
          • 2. Re: Load class failed if using security manager
            943385
            Thanks for your replying!
            EJP wrote:
            I need to use the method com.sun.org.apache.xalan.internal.utils.ObjectFactory.findProviderClass(String s,Boolean b) in JDK 1.6.32.
            Why?
            I used the Ant(1.7.1) plugin in Elcipse 3.6.2 to generate JUnit report, and it used this method and failed in generating report.
            (But if I do this outside of Eclipse, it do can get the report!)
            To find out the reason, I debugged and followed this process, it's due to that Ant has set security manager before this method is called!
            So I do the simple test of the above.

            junit-frames.xsl used in my project as follow
            -----
            <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
            xmlns:lxslt="http://xml.apache.org/xslt"
            xmlns:redirect="http://xml.apache.org/xalan/redirect"
            xmlns:stringutils="xalan://org.apache.tools.ant.util.StringUtils"
            extension-element-prefixes="redirect">
            ****Omission****
            -----
            when xalan parserin jdk 1.6.32 parses xmlns:stringutils="xalan://org.apache.tools.ant.util.StringUtils" , it can't load org.apache.tools.ant.util.StringUtils

            according to my debugging, the first Exception was thrown in the following class.

            -----
            com.sun.org.apache.xalan.internal.xsltc.compiler.FunctionCall.class
            public Type typeCheck(SymbolTable stable)
                 throws TypeCheckError
            {
            ****Omission****
            if (_className != null && _className.length() > 0) {
                           try {
            clazz = ObjectFactory.findProviderClass(className, true);*     
                 namespaceformat = NAMESPACE_FORMAT_CLASS;
                           }
                           catch (ClassNotFoundException e) {
                           namespaceformat = NAMESPACE_FORMAT_PACKAGE;     
                      }
                      }
            ****Omission****
            -----

            clazz = ObjectFactory.findProviderClass(className, true);* this method throwed out java.lang.ClassNotFoundException.
            I find that , if I set sytem's security manager before this method is called, it can't help me to load the class and throw java.lang.ClassNotFoundException
            Not surprising.
            Is this a bug of JDK1.6.32?
            No, it is a reflection of the fact that you're not supposed to use private sun and com.sun classes. There's no guarantee they will even be there in the next release. This is well documented.
            Can you give me the relevant documents?