In this chapter, we’re going to look at the third major component that determines the security policy of a Java program: the Java class loader. Class loaders are the mechanism by which files (or other sources) containing Java bytecodes are read into the Java virtual machine and converted into class definitions.

There are three areas in which the class loader operates with the security model. First, the class loader cooperates with the virtual machine to define namespaces, which protect the integrity of the security features built into the Java language. Second, the class loader calls the security manager when appropriate, ensuring that code has the appropriate permissions in order to access or define classes. And third, the class loader sets up the mapping of permissions to class objects (the protection domain of each class) so that the access controller knows which classes have which permissions. The last of these areas is the one which is of most use to developers: if you want to establish a different security policy in your application, it’s easier to do it by writing a custom class loader and establishing the permissions of classes within that class loader than by writing a new implementation of the Policy class.

In this chapter, we’ll address all of these points. We’ll also look into the class loader classes that come with Java and how to write your own class loader. As with the other elements of the Java sandbox, the ability to create and use ...