KEMBAR78
Java Class Loader | PPT
BG
Uploaded byBhanu Gopularam
1,423 views

Java Class Loader

The document discusses Java class loaders and their security features, detailing the phases of class loading, different types of class loaders, and common exceptions encountered. It provides insights into debugging class loader problems and the importance of securing code during class loading. Additionally, the document includes resources for further reading on Java language specifications and security architecture.

Technology
In this document
Powered by AI

Introduction to Java Class Loader presented by Bhanu Prakash Gopularam, highlighting its importance in Java's security.

Overview of the topics covered in the presentation, including Java Class Loader phases and debugging techniques.

Details of Java as a general-purpose programming language with built-in security architecture and applet sandbox.

ClassLoader functionality explained, including its role as a defense mechanism and resolving class references.

Steps in verification processes including structural, semantic, bytecode verification, and symbolic references check.

Explains Bootstrap, Extension, Application, SecureClassLoader, URLClassLoader, and Context Class Loader.

Reasons for crafting custom class loaders, including alternative delegation models, hot deployment, and security enhancements.

Illustrative examples using class loading in versions and RMI Execution Engine showcasing class interactions.

Discusses namespace segregation, malicious class detection, and integrity verification through protection domains.

Types of exceptions like ClassNotFoundException and NoClassDefFoundError, their causes, and how to troubleshoot.

Methods for debugging class loading problems using verbose output, class file checks, and libraries.

Questions posed regarding Class.forName vs classLoader.loadClass, necessity of the main method, and detailed class file data.

A list of resources including Java specifications, security architecture references, and learning materials.

Concluding the presentation with an invitation for questions and answers.

Java Class Loader & Security Bhanu Prakash Gopularam Senior Engineer Java Platform Group
Agenda • Introduction • Java Class Loader • Java Class Loading Phases • Custom Class loading • Class Loader Exceptions • Debugging Class loader Problems • Questions
Java Language Java Platform and Programming language introduced in 1995 • Java Language – General purpose object oriented programming language – Automatic storage management – GC – Platform independent code, security and network mobility • Few Java Language Security features – Built in Security Architecture – Configurable policies and domains – Applet Sand box: Allows securely download and run untrusted Java programs over the network
Java Class Loader - Introduction ClassLoader “Reads byte code into JVM” A class is defined by its <class name, defining class loader> Goals of Class Loader: • Make first line of defense • Guard system packages from fake classes and spoofing attacks • Resolve symbolic references from one class to another
Java Class loading phases Verification Process: 1.Structural check 2.Semantic check 3.Byte code verification 4.Symbolic references check
Java Class Loaders 1. Bootstrap or Primordial Class Loader • rt.jar • -XbootClassPath – use judiciously • System property sun.boot.class.path 1. Extension Class Loader • Installed optional packages, lib/ext (in JRE) or jre/lib/ext (in JDK) • $JRE_HOME/lib/ext • System property java.ext.dirs 1. Application Class Loader • Application classpath $CLASSPATH or -cp variable • System property java.class.path • Misleadingly it is also called as System Classloader • Can be changed using property -Djava.system.class.loader
4. SecureClassLoader – Adds support for code security model in JDK 1.2 • Adds defineClass(String name, CodeSource) • Adds getPermissions(CodeSource) 4. URLClassLoader – Loads classes from specified url path (dir or jar file) – Extends from SecureClassLoader • Supports loading classes from URL code sources 5. Context Class Loader – Context class loader is provided by creator of thread – If Security Manager is present, checkPermission() is invoked with getClassLoader() call Java Class Loaders – contd..
Java Class loader Delegation
Why to write own class loader ? 1. Alternative delegation model - Java EE web modules  Checks local repositories first, common folder in Tomcat. However loading of system classes remain unchanged  By instantiating class loader again, a class can be reloaded 1. Hot Deployment  Support upgrade 1. Class loader and Security  Add extra code after findClass() and before defineClass(), compression, encryption techniques 1. Modifying the class files  Add extra debugging logic Example: BCEL (Byte code engineering library) and ASM tools
Example (1): Jars in same classpath v1/version.java v2/version.java Test.java
Example (2): RMI Execution Engine Server taskIntf.execute() Client-2 Client-1 serverIntf.execute(taskIntf) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(TaskInterface) common.ServerInterface execute(TaskInterface) Server.ServerImpl execute(TaskInterface) Server.ServerImpl execute(TaskInterface)
Example (3): RMI Execution Engine Server fileSystemClassLoader.execute(codeNa me, code) Client-2 Client-1 serverIntf.execute(codeName, byte[]) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(CodeName, byte[]) common.ServerInterface execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) common.FileSystemClassLoader ClassLoader
Class Loader Security • Classes are separated using namespaces • Built-in checks for identifying malicious classes • Encloses class into ProtectionDomain • Verification of code for valid signature • Class File Verifier does various checks for integrity
ClassLoader Exceptions 1. ClassNotFoundException – ClassLoader.findSystemClass(), loadClass() fails – Wrong classloader is used or Dir is not added  Figure out what class loader and parent class loader and see why class cannot be loaded 1. NoClassDefFoundError – Indicates linkage problem, Symbolic reference cannot be found. – Folder or source of class is not made available to parent class loader – Check the stacktrace to find the class name  Figure out class loader and missing symbolic link  List parent class loaders recursively
3. ClassCastException – Casting an object to an unrelated class  Check for type and classloader used 4. UnSatisfiedLinkError – System.loadLibrary(“solaris.image_converter”), loading JNI code  JVM is unable to find proper native library of class, check references 5. ClassCircularityError – Thrown when some class is a indirect superclass of itself, an Interface extends itself or similar, mainly when diff versions of same library is loaded  Check for double class names in classpath ClassLoader Exceptions – Contd.
Debugging Class Loading Problems 1. Use java –verbose class HelloWord 2. Use javap –private HelloWord 3. Linux check class file – find *.jar –exec jar –tf ‘{}’ ; | grep HelloWorld 1. Use BCEL or ASM libraries, ByteCode visualizer for Eclipse
Questions - 1 • Difference between Class.forName() vs classLoader.loadClass()
Questions - 2 • In Java, what is the need for main method? public static void main(String args[])
Questions - 3 • Guess first 4 bytes of a class file! Byte code generated by compiler need to have standard data at beginning of the file
Resources 1. The Java Language Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jls/se8/jls8.pdf 2. The Java Virtual Machine Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jvms/se8/jvms8.pdf 3. Demystifying Java Platform Security Architecture, Ramesh Nagappan 4. Internals of Java Class Loading, Binildas Christudas, O'Reilly, OnJava.com 5. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services and Identity Management, Sun MicroSystems, Prentice Hall 6. Java and JVM security vulnerabilities and their exploitation techniques 7. http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd.pdf 8. GitHub URL - https://github.com/gopularam/developer/tree/master/Classloader 9. Slideshare URL - http://www.slideshare.net/bhanugopularam/java-class-loader- 49366166
Thank You. Q/A

More Related Content

PDF
Java11 New Features
byHaim Michael
 
PDF
Spring Boot
byJaran Flaath
 
PPTX
Spring boot
byGyanendra Yadav
 
PPTX
Introduction to java 8 stream api
byVladislav sidlyarevich
 
PDF
Spring Boot
byPei-Tang Huang
 
PPTX
Spring Boot and REST API
by07.pallav
 
PPTX
Spring Boot Tutorial
byNaphachara Rattanawilai
 
PDF
Introduction to Spring Boot!
byJakub Kubrynski
 
Java11 New Features
byHaim Michael
 
Spring Boot
byJaran Flaath
 
Spring boot
byGyanendra Yadav
 
Introduction to java 8 stream api
byVladislav sidlyarevich
 
Spring Boot
byPei-Tang Huang
 
Spring Boot and REST API
by07.pallav
 
Spring Boot Tutorial
byNaphachara Rattanawilai
 
Introduction to Spring Boot!
byJakub Kubrynski
 

What's hot

PDF
Spring Boot
byHongSeong Jeon
 
PDF
Spring boot introduction
byRasheed Waraich
 
PPTX
Discover Quarkus and GraalVM
byRomain Schlick
 
PDF
Basics of reflection in java
bykim.mens
 
PPTX
Spring boot
bysdeeg
 
PDF
Batch and Stream Graph Processing with Apache Flink
byVasia Kalavri
 
PDF
Spring boot
byBhagwat Kumar
 
PDF
Spring Framework - Core
byDzmitry Naskou
 
PPTX
Springboot Microservices
byNexThoughts Technologies
 
PDF
Testing with Spring: An Introduction
bySam Brannen
 
DOCX
JDK,JRE,JVM
byCognizant
 
DOC
Java Class Loading
bySandeep Verma
 
PDF
REST APIs with Spring
byJoshua Long
 
PDF
Introduction to Java 11
byKnoldus Inc.
 
PDF
Battle of the frameworks : Quarkus vs SpringBoot
byChristos Sotiriou
 
PPTX
Introduction to java
bySandeep Rawat
 
PPT
JUnit 4
bySunil OS
 
PDF
Learn Java with Dr. Rifat Shahriyar
byAbir Mohammad
 
PDF
Java - OOPS and Java Basics
byVicter Paul
 
PDF
Java Strings Tutorial | String Manipulation in Java | Java Tutorial For Begin...
byEdureka!
 
Spring Boot
byHongSeong Jeon
 
Spring boot introduction
byRasheed Waraich
 
Discover Quarkus and GraalVM
byRomain Schlick
 
Basics of reflection in java
bykim.mens
 
Spring boot
bysdeeg
 
Batch and Stream Graph Processing with Apache Flink
byVasia Kalavri
 
Spring boot
byBhagwat Kumar
 
Spring Framework - Core
byDzmitry Naskou
 
Springboot Microservices
byNexThoughts Technologies
 
Testing with Spring: An Introduction
bySam Brannen
 
JDK,JRE,JVM
byCognizant
 
Java Class Loading
bySandeep Verma
 
REST APIs with Spring
byJoshua Long
 
Introduction to Java 11
byKnoldus Inc.
 
Battle of the frameworks : Quarkus vs SpringBoot
byChristos Sotiriou
 
Introduction to java
bySandeep Rawat
 
JUnit 4
bySunil OS
 
Learn Java with Dr. Rifat Shahriyar
byAbir Mohammad
 
Java - OOPS and Java Basics
byVicter Paul
 
Java Strings Tutorial | String Manipulation in Java | Java Tutorial For Begin...
byEdureka!
 

Similar to Java Class Loader

PPTX
Diving into Java Class Loader
byMd Imran Hasan Hira
 
PDF
Java class loading tips and tricks - Java Colombo Meetup, January, 2014
bySameera Jayasoma
 
PDF
Class loaders
byThesis Scientist Private Limited
 
PPTX
Let's talk about java class loader
byYongqiang Li
 
PDF
Understanding ClassLoaders
byMartin Skurla
 
PDF
Unit8 security (2) java
bySharafat Husen
 
PDF
JEE Class Loading Internals.pdf
byMohit Kumar
 
PDF
Java Classloaders
byPrateek Jain
 
PPT
Class loader basic
by명철 강
 
PDF
Java Interview Questions Answers Guide
byDaisyWatson5
 
PPTX
How to run java program without IDE
byShweta Oza
 
PPTX
Java Virtual Machine (JVM) and just in time compilation
byArunKumarPandey43
 
PPTX
White and Black Magic on the JVM
byIvaylo Pashov
 
PPTX
Do you really get class loaders?
byguestd56374
 
PPTX
Java JVM
byKadarkaraiSelvam
 
PDF
Jvm internal detail
byMohammad Faizan
 
PDF
JVM Architecture – How It Works.pdf
byGeekster
 
PPTX
Java 2
byKadarkaraiSelvam
 
PPT
Chapter three Java_security.ppt
byHaymanotTadese
 
ODP
Tollas Ferenc - Java security
byveszpremimeetup
 
Diving into Java Class Loader
byMd Imran Hasan Hira
 
Java class loading tips and tricks - Java Colombo Meetup, January, 2014
bySameera Jayasoma
 
Class loaders
byThesis Scientist Private Limited
 
Let's talk about java class loader
byYongqiang Li
 
Understanding ClassLoaders
byMartin Skurla
 
Unit8 security (2) java
bySharafat Husen
 
JEE Class Loading Internals.pdf
byMohit Kumar
 
Java Classloaders
byPrateek Jain
 
Class loader basic
by명철 강
 
Java Interview Questions Answers Guide
byDaisyWatson5
 
How to run java program without IDE
byShweta Oza
 
Java Virtual Machine (JVM) and just in time compilation
byArunKumarPandey43
 
White and Black Magic on the JVM
byIvaylo Pashov
 
Do you really get class loaders?
byguestd56374
 
Java JVM
byKadarkaraiSelvam
 
Jvm internal detail
byMohammad Faizan
 
JVM Architecture – How It Works.pdf
byGeekster
 
Java 2
byKadarkaraiSelvam
 
Chapter three Java_security.ppt
byHaymanotTadese
 
Tollas Ferenc - Java security
byveszpremimeetup
 

Recently uploaded

PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
PPTX
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
Data Structure - 12 Graph
byAndiNurkholis1
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
PPTX
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PDF
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
PDF
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
Rivian's Push Notification Sub Stream with Mega Filter by Marcus Kim & Saahil...
byScyllaDB
 
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
2025 October Patch Tuesday
byIvanti
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
Data Structure - 12 Graph
byAndiNurkholis1
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
Ask Me Anything About AI Assist: Practical Answers for Real Workflows
bySafe Software
 
"The Art of Web Scraping: Tree Algorithms and JS Magic", Dmytro Tarasenko
byFwdays
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
Combining AI with Red Teaming and Bug Bounty
byRamin Farajpour Cami
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
Unlock This Brilliant App Freezur That Builds Brainrot Videos That Captivate ...
bySOFTTECHHUB
 
Agentic AI Guide for Enterprise Use-cases
byDebmalya Biswas
 

Java Class Loader

  • 1.
    Java Class Loader& Security Bhanu Prakash Gopularam Senior Engineer Java Platform Group
  • 2.
    Agenda • Introduction • JavaClass Loader • Java Class Loading Phases • Custom Class loading • Class Loader Exceptions • Debugging Class loader Problems • Questions
  • 3.
    Java Language Java Platformand Programming language introduced in 1995 • Java Language – General purpose object oriented programming language – Automatic storage management – GC – Platform independent code, security and network mobility • Few Java Language Security features – Built in Security Architecture – Configurable policies and domains – Applet Sand box: Allows securely download and run untrusted Java programs over the network
  • 4.
    Java Class Loader- Introduction ClassLoader “Reads byte code into JVM” A class is defined by its <class name, defining class loader> Goals of Class Loader: • Make first line of defense • Guard system packages from fake classes and spoofing attacks • Resolve symbolic references from one class to another
  • 5.
    Java Class loadingphases Verification Process: 1.Structural check 2.Semantic check 3.Byte code verification 4.Symbolic references check
  • 8.
    Java Class Loaders 1.Bootstrap or Primordial Class Loader • rt.jar • -XbootClassPath – use judiciously • System property sun.boot.class.path 1. Extension Class Loader • Installed optional packages, lib/ext (in JRE) or jre/lib/ext (in JDK) • $JRE_HOME/lib/ext • System property java.ext.dirs 1. Application Class Loader • Application classpath $CLASSPATH or -cp variable • System property java.class.path • Misleadingly it is also called as System Classloader • Can be changed using property -Djava.system.class.loader
  • 9.
    4. SecureClassLoader – Addssupport for code security model in JDK 1.2 • Adds defineClass(String name, CodeSource) • Adds getPermissions(CodeSource) 4. URLClassLoader – Loads classes from specified url path (dir or jar file) – Extends from SecureClassLoader • Supports loading classes from URL code sources 5. Context Class Loader – Context class loader is provided by creator of thread – If Security Manager is present, checkPermission() is invoked with getClassLoader() call Java Class Loaders – contd..
  • 10.
  • 11.
    Why to writeown class loader ? 1. Alternative delegation model - Java EE web modules  Checks local repositories first, common folder in Tomcat. However loading of system classes remain unchanged  By instantiating class loader again, a class can be reloaded 1. Hot Deployment  Support upgrade 1. Class loader and Security  Add extra code after findClass() and before defineClass(), compression, encryption techniques 1. Modifying the class files  Add extra debugging logic Example: BCEL (Byte code engineering library) and ASM tools
  • 12.
    Example (1): Jarsin same classpath v1/version.java v2/version.java Test.java
  • 13.
    Example (2): RMIExecution Engine Server taskIntf.execute() Client-2 Client-1 serverIntf.execute(taskIntf) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(TaskInterface) common.ServerInterface execute(TaskInterface) Server.ServerImpl execute(TaskInterface) Server.ServerImpl execute(TaskInterface)
  • 14.
    Example (3): RMIExecution Engine Server fileSystemClassLoader.execute(codeNa me, code) Client-2 Client-1 serverIntf.execute(codeName, byte[]) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(CodeName, byte[]) common.ServerInterface execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) common.FileSystemClassLoader ClassLoader
  • 15.
    Class Loader Security •Classes are separated using namespaces • Built-in checks for identifying malicious classes • Encloses class into ProtectionDomain • Verification of code for valid signature • Class File Verifier does various checks for integrity
  • 16.
    ClassLoader Exceptions 1. ClassNotFoundException –ClassLoader.findSystemClass(), loadClass() fails – Wrong classloader is used or Dir is not added  Figure out what class loader and parent class loader and see why class cannot be loaded 1. NoClassDefFoundError – Indicates linkage problem, Symbolic reference cannot be found. – Folder or source of class is not made available to parent class loader – Check the stacktrace to find the class name  Figure out class loader and missing symbolic link  List parent class loaders recursively
  • 17.
    3. ClassCastException – Castingan object to an unrelated class  Check for type and classloader used 4. UnSatisfiedLinkError – System.loadLibrary(“solaris.image_converter”), loading JNI code  JVM is unable to find proper native library of class, check references 5. ClassCircularityError – Thrown when some class is a indirect superclass of itself, an Interface extends itself or similar, mainly when diff versions of same library is loaded  Check for double class names in classpath ClassLoader Exceptions – Contd.
  • 18.
    Debugging Class LoadingProblems 1. Use java –verbose class HelloWord 2. Use javap –private HelloWord 3. Linux check class file – find *.jar –exec jar –tf ‘{}’ ; | grep HelloWorld 1. Use BCEL or ASM libraries, ByteCode visualizer for Eclipse
  • 19.
    Questions - 1 •Difference between Class.forName() vs classLoader.loadClass()
  • 20.
    Questions - 2 •In Java, what is the need for main method? public static void main(String args[])
  • 21.
    Questions - 3 •Guess first 4 bytes of a class file! Byte code generated by compiler need to have standard data at beginning of the file
  • 22.
    Resources 1. The JavaLanguage Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jls/se8/jls8.pdf 2. The Java Virtual Machine Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jvms/se8/jvms8.pdf 3. Demystifying Java Platform Security Architecture, Ramesh Nagappan 4. Internals of Java Class Loading, Binildas Christudas, O'Reilly, OnJava.com 5. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services and Identity Management, Sun MicroSystems, Prentice Hall 6. Java and JVM security vulnerabilities and their exploitation techniques 7. http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd.pdf 8. GitHub URL - https://github.com/gopularam/developer/tree/master/Classloader 9. Slideshare URL - http://www.slideshare.net/bhanugopularam/java-class-loader- 49366166
  • 23.

Editor's Notes

  • #4 General purpose object oriented programming language (architectural neutral interpreted and executable byte code) JVM – abstract computing engine, it insulates JVM from underlying differences Rules-based class loading and verification of byte code. Applet Sandbox
  • #5 Responsible for locating byte code of particular class and and then transform to usable class by runtime system To enforce security it coordinates with SecurityManager and AccessController Protect java classes from spoofing attacks ClassLoader recursively delegates class loading to its parent loader. Can be changed by custom class loaders Developers have two well-known reasons for building customClassLoaders: 1. providing support for a new class repository and 2. partitioning user code in a server
  • #6 Java byte code verifier: Pass-1 – Structural check, starting bytes in class file, major minor version checks etc Pass -2 – Semantic Check – method descriptors, context-free grammar, adherence to java specification Pass-3 – byte code verification, improper gotos, opcodes vs operands, method arguments, local variable initialization, etc Pass-4 – verification of symbolic references, loading referenced types, dynamic linking, binary compatibility check It is based on data flow analysis. It does by modeling each bytecode instruction and simulates each execution path that can possibly occur Check number of registers, stack height, types of values in register. Class donot forge pointers Class file format is OK Code donot violate access privileges Class definition is correct --------- Security. Your ClassLoader could examine classes before they are handed off to the JVM to see if they have a proper digital signature. You can also create a kind of &amp;quot;sandbox&amp;quot; that disallows certain kinds of method calls by examining the source code and rejecting classes that try to do things outside the sandbox. Encryption. It&amp;apos;s possible to create a ClassLoader that decrypts on the fly, so that your class files on disk are not readable by someone with a decompiler. The user must supply a password to run the program, and the password is used to decrypt the code. * Archiving. Want to distribute your code in a special format or with special compression? Your ClassLoader can pull raw class file bytes from any source it wants. Self-extracting programs. It&amp;apos;s possible to compile an entire Java application into a single executable class file that contains compressed and/or encrypted class file data, along with an integral ClassLoader; when the program is run, it unpacks itself entirely in memory -- no need to install first. * Dynamic generation. They sky&amp;apos;s the limit here. You can generate classes that refer to other classes that haven&amp;apos;t been generated yet -- create entire classes on the fly and bring them into the JVM without missing a beat.
  • #7 If class is already loaded then return it else call findClass()
  • #9 Primordial class loader: java applications have capability of loading bootstrap, system and app classed To protect from malicious attacks it uses java.security.SecureClassLoader Load class Finding a class using delegation Defining the class Link class Happens before class initialization or before reflection API calls Byte code verifier – bytecode is typesafe, execution paths Checks like Verification (Semantics, type checking), Preparation (allocate JVM internal objects ) Initialize class Happens once on “first use” Before class first instance creation, Runs static code Before access to static fields or methods Class loading phases Load class – finding the class using delegation Link class – Runs Bytecode verifier, allocates JVM internal objects Initialize class – Happens once on “first use”
  • #10 A domain conceptually encloses a set of classes whose instances are granted the same set of permissions.  CodeSource - each piece of code has two identity-defining characteristics: origin and signature. These two characteristics are represented in the class java.security.CodeSource the context class loader was invented to give framework code a mechanism to find the &amp;quot;correct&amp;quot; class loader to load application classes. In the case of the web application, the server typically applies the web application class loader as the context class loader. AppletClassLoader SecureClassLoader RMIClasssLoader
  • #11 Delegation works in bottom-up manner Visbility - Classes loaded by top level classloader are visible to class loaders beneath it and not vice versa.
  • #14 RMI Execution Engine Clients can supply any tasks that implement common.TaskIntf RMI execution engine loads code only once but executes 2 times based on requests In client VM, separate client.TaskImpl classes are loaded, instantiated and sent to Execution Engine Server VM for execution Each client uses different instances of FileSystem classloader. At server side, in findClass we call defineClass internally with byte[] and class name.
  • #15 RMI Execution Engine Clients can supply any tasks that implement common.TaskIntf RMI execution engine loads code only once but executes 2 times based on requests In client VM, separate client.TaskImpl classes are loaded, instantiated and sent to Execution Engine Server VM for execution
  • #16 Whether bytecode was generated by compliant compiler,
  • #17 ClassNotFoundException Look for code where classloader loadClass() call is involved NoClassDefFoundException Check why class is not available
  • #19 Javap – java class file disassembler By default it prints package, protected and public fields and methods
  • #20 Class.forName() uses classloader of the callers’ classloader, it initializes the class (executes static data) classLoader.loadClass() – is used when we need to pass on classloader name as argument. It just loads class and initialization is deferred till class is used for first time