Step 1: Optionally call the checkPackageAccess method

you must implement. Loading the class bytes is an operation left to the reader. The reason for providing your own class loader is that you want to read the class bytes in some special way; otherwise, you'd use the URLClassLoader class.

The code source is another matter: we must determine a URL and a set of certificates that should be associated with the class. In a signed jar file, the certificates are read from the jar file and the URL is the location of the jar file. In Chapter 12, we'll show how to get the certificates from a standard jar file and construct the appropriate code source. If your class definition isn't coming from a URL, then you must be a little creative. The simplest approach is to create an arbitrary URL. You could also use the methods we examine in Chapter 10, and load one or more certificates from the keystore; you would then use both items to construct the code source.

The defineClass method will call back to the getPermissions method in order to complete the definition of the protection domain for this class. And that's why the URL used to construct the code source can be arbitrary: when you write the getPermissions method, just make sure that you understand what the URL actually is. In default usage, the URL would be used to find entries in the policy files, but since you're defining your own permissions anyway, the contents of the URL don't matter. What matters is that you follow a consistent convention between the definition of your getCodeSource and findClass methods.
Hence, possible implementations of the getPermissions and getCodeSource methods are as follows:

    protected CodeSource getCodeSource(String name) {
        try {
            // The class name serves as the file part of an otherwise arbitrary URL.
            // The cast is needed on Java 5 and later, where a bare null is ambiguous
            // between the Certificate[] and CodeSigner[] constructors.
            return new CodeSource(new URL("file", "localhost", name),
                                  (java.security.cert.Certificate[]) null);
        } catch (MalformedURLException mue) {
            mue.printStackTrace();
        }
        return null;
    }

    protected PermissionCollection getPermissions(CodeSource codesource) {
        // Build the permission set from scratch; super.getPermissions is not called.
        PermissionCollection pc = new Permissions();
        pc.add(new RuntimePermission("exitVM"));
        return pc;
    }

If you're reading the class bytes from, say, a database, it would be more useful if you could pass an arbitrary string to construct the code source. That doesn't work directly since the code source requires a URL, but the file part of the URL can be any arbitrary string. In this case, we just use the class name.

Note that the getPermissions method of the SecureClassLoader class does not add the additional permissions that the same method of the URLClassLoader class adds. As a result, we do not call the super.getPermissions method; instead, we construct a new permissions object directly.
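The following added example (not code from the book) places those two methods in a complete SecureClassLoader subclass and prints the protection domain that defineClass builds from them. The names ByteSourceLoaderDemo, ByteSourceLoader and Payload are hypothetical, a classpath read stands in for the database lookup, and it assumes Java 9 or later compiled with javac.

```java
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.Certificate;

public class ByteSourceLoaderDemo {
    // Hypothetical class whose bytes are fetched "in some special way".
    public static class Payload { }
    static class ByteSourceLoader extends SecureClassLoader {
        ByteSourceLoader() { super(null); } // no application parent, so findClass() is reached

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            // Stand-in for a database read: fetch the bytes from the classpath.
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = ClassLoader.getSystemResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                // defineClass() calls back into getPermissions(CodeSource).
                return defineClass(name, b, 0, b.length, getCodeSource(name));
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
        // Same convention as the text: the class name is the file part of the URL.
        protected CodeSource getCodeSource(String name) throws ClassNotFoundException {
            try {
                return new CodeSource(new URL("file", "localhost", name), (Certificate[]) null);
            } catch (MalformedURLException e) {
                throw new ClassNotFoundException(name, e); // fail closed instead of returning null
            }
        }

        @Override
        protected PermissionCollection getPermissions(CodeSource cs) {
            PermissionCollection pc = new Permissions(); // not super.getPermissions()
            pc.add(new RuntimePermission("exitVM"));
            return pc;
        }
    }

    public static void main(String[] args) throws Exception {
        String name = ByteSourceLoaderDemo.class.getName() + "$Payload";
        Class<?> c = new ByteSourceLoader().loadClass(name);
        ProtectionDomain pd = c.getProtectionDomain();
        System.out.println("file part: " + pd.getCodeSource().getLocation().getFile());
        System.out.println("exitVM:    " + pd.getPermissions().implies(new RuntimePermission("exitVM")));
        System.out.println("setIO:     " + pd.getPermissions().implies(new RuntimePermission("setIO")));
    }
}
```

The example inspects the recorded permission collection rather than relying on a security manager to enforce it, so only the permission added in getPermissions is reported as granted.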

6.3.6 Other Class Loaders

There are other class loaders within the Java API. Classes loaded by the primordial class loader do not have an associated protection domain (alternately, we may say that they are associated with the system protection domain), which is why they have permission to perform any operation.

Chapter 6. Java Class Loaders