Apache CXF API

org.apache.cxf.common.classloader
Class FireWallClassLoader

java.lang.Object
  extended by java.lang.ClassLoader
      extended by java.security.SecureClassLoader
          extended by org.apache.cxf.common.classloader.FireWallClassLoader

public class FireWallClassLoader
extends SecureClassLoader

The FireWallClassLoader is a classloader that can block request from going up in the classloader hierarchy.

Normally, when a classloader receives a request for a resource, it will consult its parent class loader first for that resource. The parent class loader is typically the System ClassLoader. If the parent class loader cannot provide the requested resource, the child class loader will be consulted for the request. Note: the parent class loader must not be confused by the superclass of a certain class loader (e.g. SecureClassLoader). The parent classloader is identified at constuction time and passed in as an constructor argument.

Consulting the parent classloader first can be inconvenient for certain applications that want guarantees about which classloader is used to load a certain class. This could be because you want to be certain about where the resource came from, or you want to protect yourself against (other versions) of the same class that could be served by the System ClassLoader (e.g. because someone put them on the classpath or in the extensions directory).

For these cases, the FireWallClassLoader can be used.

 
 System ClassLoader | FireWallClassLoader | User's ClassLoader
 
 
The FireWallClassLoader is placed between the user's class loader and the parent class loader. It has a set of filters that define what classes are allowed to go through. These filters describe (a groups of) packages, or a specific classes or resources that are allowed through to the parent classloader. Take as example this filter set:
 ["com.iona.", "javax.servlet.jsp."]
 
This will allow requests to any class/resource staring with com.iona. or javax.servlet.jsp. through to the parent classloader and block all other requests.

A very common set of filters would be a set that allows nothing through except the classes used by the JDK. The JDKFireWallClassLoaderFactory factory class can create such FireWallClassLoader.

The FireWallClassLoader does not load any classes.


Constructor Summary
FireWallClassLoader(ClassLoader parent, String[] fs)
          Constructor.
FireWallClassLoader(ClassLoader parent, String[] fs, String[] negativeFs)
          Constructor.
 
Method Summary
 String[] getFilters()
          Returns the list of filters used by this FireWallClassLoader.
 String[] getNegativeFilters()
          Returns the list of negative filters used by this FireWallClassLoader.
 URL getResource(String name)
           
protected  Class<?> loadClass(String name, boolean resolve)
           
 
Methods inherited from class java.security.SecureClassLoader
defineClass, defineClass, getPermissions
 
Methods inherited from class java.lang.ClassLoader
clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, findClass, findLibrary, findLoadedClass, findResource, findResources, findSystemClass, getPackage, getPackages, getParent, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, loadClass, resolveClass, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FireWallClassLoader

public FireWallClassLoader(ClassLoader parent,
                           String[] fs)
Constructor.

Parameters:
parent - The Parent ClassLoader to use.
fs - A set of filters to let through. The filters and be either in package form (org.omg. or org.omg.*) or specify a single class (junit.framework.TestCase).

When the package form is used, all classed in all subpackages of this package are let trough the firewall. When the class form is used, the filter only lets that single class through. Note that when that class depends on another class, this class does not need to be mentioned as a filter, because if the originating class is loaded by the parent classloader, the FireWallClassLoader will not receive requests for the dependant class.


FireWallClassLoader

public FireWallClassLoader(ClassLoader parent,
                           String[] fs,
                           String[] negativeFs)
Constructor.

Parameters:
parent - The Parent ClassLoader to use.
fs - A set of filters to let through. The filters and be either in package form (org.omg. or org.omg.*) or specify a single class (junit.framework.TestCase).

When the package form is used, all classed in all subpackages of this package are let trough the firewall. When the class form is used, the filter only lets that single class through. Note that when that class depends on another class, this class does not need to be mentioned as a filter, because if the originating class is loaded by the parent classloader, the FireWallClassLoader will not receive requests for the dependant class.

negativeFs - List of negative filters to use. Negative filters take precedence over positive filters. When a class or resource is requested that matches a negative filter it is not let through the firewall even if an allowing filter would exist in the positive filter list.
Method Detail

loadClass

protected Class<?> loadClass(String name,
                             boolean resolve)
                      throws ClassNotFoundException
Overrides:
loadClass in class ClassLoader
Throws:
ClassNotFoundException

getResource

public URL getResource(String name)
Overrides:
getResource in class ClassLoader

getFilters

public String[] getFilters()
Returns the list of filters used by this FireWallClassLoader. The list is a copy of the array internally used.

Returns:
The filters used.

getNegativeFilters

public String[] getNegativeFilters()
Returns the list of negative filters used by this FireWallClassLoader. The list is a copy of the array internally used.

Returns:
The filters used.

Apache CXF API

Apache CXF