-1

I would like to know what the checkCreateClassLoader method does; it's not very clear in the Java API doc. Let's say I have an application and want to avoid someone dumping my classes at run time (using a Java agent or reflection). Can I use this method to avoid this? Thanks

Malik Dz
  • You might want to expand out your question a bit more. It doesn't look like you put much work into it. If you aren't willing to put work into explaining and clarifying your question, how can you expect others to put work into answering your question? – Alex K Nov 26 '14 at 01:01
  • Well, what it does is check if the code in question is allowed to create a new class loader (which is a security-relevant operation). Are you asking how you can set this permission? – Thilo Nov 26 '14 at 01:07
  • I just want to know what the checkCreateClassLoader method does. It's in the SecurityManager class inside the security package. I think that's pretty clear, no? – Malik Dz Nov 26 '14 at 01:08
  • I would also like to know if it blocks certain classes from being loaded. – Malik Dz Nov 26 '14 at 01:10
  • @MalikDz: Well, the JavaDoc says exactly what it does. Are you asking how it is implemented? Or how you can set these permissions? Or what a SecurityManager does in general (checkCreateClassLoader is really the same as all the other permissions, are those clear to you)? – Thilo Nov 26 '14 at 01:11
  • Yes, let's say I have an application and want to avoid someone dumping my classes at run time (using a Java agent or reflection). Can I use this method to avoid this? Thanks – Malik Dz Nov 26 '14 at 01:12

1 Answer

0

Let's say I have an application and want to avoid someone dumping my classes at run time (using a Java agent or reflection). Can I use this method to avoid this?

No.

First of all, "Java Agent" already implies complete control over the runtime environment.

If you have a user running your code on their own machine, they can get at your class files.

If the code is running on your machine (but the user can somehow upload his own JAR files), then you can use a custom Security Manager, maybe in combination with a custom ClassLoader, to disable reflection and probably also access to the bytecode of classes (and also restrict communication channels that would be required to send this "leaked" data back to the user).

Thilo
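The custom Security Manager idea from the answer above, as an added illustration that is not part of the original post: it shows which permission `checkCreateClassLoader` actually tests and which one guards `setAccessible`. `GuardManager`, `Secret` and the sample value are hypothetical names; the code assumes Java 17 or earlier, where `System.setSecurityManager` is still permitted by default.

```java
import java.lang.reflect.Field;
import java.lang.reflect.ReflectPermission;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Permission;

public class ClassLoaderGuardDemo {

    // Hypothetical policy: deny two permissions for every caller, allow the rest.
    // A real policy would decide per code source and would also deny
    // "setSecurityManager", otherwise the manager can simply be replaced.
    static class GuardManager extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // checkCreateClassLoader() is a check for exactly this RuntimePermission.
            if (perm instanceof RuntimePermission && "createClassLoader".equals(perm.getName())) {
                throw new SecurityException("class loader creation denied");
            }
            // Field/Method/Constructor.setAccessible(true) requires this permission.
            if (perm instanceof ReflectPermission && "suppressAccessChecks".equals(perm.getName())) {
                throw new SecurityException("reflective access override denied");
            }
        }
    }

    // Constructed sample class standing in for application internals.
    static class Secret {
        private final String key = "constructed-sample-value";
    }

    public static void main(String[] args) throws Exception {
        System.setSecurityManager(new GuardManager());

        try {
            new URLClassLoader(new URL[0]); // the ClassLoader constructor runs checkCreateClassLoader()
            System.out.println("class loader created");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }

        try {
            Field f = Secret.class.getDeclaredField("key");
            f.setAccessible(true); // blocked before the private value can be read
            System.out.println(String.valueOf(f.get(new Secret())));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        // A Java agent loaded at JVM startup runs before main() installs this
        // manager, so neither check applies to it, as the answer points out.
    }
}
```

Both attempts print the denial message. Neither check prevents the class files from being read off disk by whoever runs the JVM.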