2
* Licensed to the Apache Software Foundation (ASF) under one or more
3
* contributor license agreements. See the NOTICE file distributed with
4
* this work for additional information regarding copyright ownership.
5
* The ASF licenses this file to You under the Apache License, Version 2.0
6
* (the "License"); you may not use this file except in compliance with
7
* the License. You may obtain a copy of the License at
9
* http://www.apache.org/licenses/LICENSE-2.0
11
* Unless required by applicable law or agreed to in writing, software
12
* distributed under the License is distributed on an "AS IS" BASIS,
13
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
* See the License for the specific language governing permissions and
15
* limitations under the License.
18
package org.apache.jasper.servlet;
20
import java.io.IOException;
21
import java.io.InputStream;
23
import java.net.URLClassLoader;
24
import java.security.CodeSource;
25
import java.security.PermissionCollection;
27
import org.apache.jasper.Constants;
30
* Class loader for loading servlet class files (corresponding to JSP files)
31
* and tag handler class files (corresponding to tag files).
33
* @author Anil K. Vijendran
34
* @author Harish Prabandham
35
* @author Jean-Francois Arcand
37
public class JasperLoader extends URLClassLoader {
39
private PermissionCollection permissionCollection;
40
private CodeSource codeSource;
41
private String className;
42
private ClassLoader parent;
43
private SecurityManager securityManager;
45
public JasperLoader(URL[] urls, ClassLoader parent,
46
PermissionCollection permissionCollection,
47
CodeSource codeSource) {
49
this.permissionCollection = permissionCollection;
50
this.codeSource = codeSource;
52
this.securityManager = System.getSecurityManager();
56
* Load the class with the specified name. This method searches for
57
* classes in the same manner as <code>loadClass(String, boolean)</code>
58
* with <code>false</code> as the second argument.
60
* @param name Name of the class to be loaded
62
* @exception ClassNotFoundException if the class was not found
64
public Class loadClass(String name) throws ClassNotFoundException {
66
return (loadClass(name, false));
70
* Load the class with the specified name, searching using the following
71
* algorithm until it finds and returns the class. If the class cannot
72
* be found, returns <code>ClassNotFoundException</code>.
74
* <li>Call <code>findLoadedClass(String)</code> to check if the
75
* class has already been loaded. If it has, the same
76
* <code>Class</code> object is returned.</li>
77
* <li>If the <code>delegate</code> property is set to <code>true</code>,
78
* call the <code>loadClass()</code> method of the parent class
79
* loader, if any.</li>
80
* <li>Call <code>findClass()</code> to find this class in our locally
81
* defined repositories.</li>
82
* <li>Call the <code>loadClass()</code> method of our parent
83
* class loader, if any.</li>
85
* If the class was found using the above steps, and the
86
* <code>resolve</code> flag is <code>true</code>, this method will then
87
* call <code>resolveClass(Class)</code> on the resulting Class object.
89
* @param name Name of the class to be loaded
90
* @param resolve If <code>true</code> then resolve the class
92
* @exception ClassNotFoundException if the class was not found
94
public Class loadClass(final String name, boolean resolve)
95
throws ClassNotFoundException {
99
// (0) Check our previously loaded class cache
100
clazz = findLoadedClass(name);
107
// (.5) Permission to access this class when using a SecurityManager
108
if (securityManager != null) {
109
int dot = name.lastIndexOf('.');
112
// Do not call the security manager since by default, we grant that package.
113
if (!"org.apache.jasper.runtime".equalsIgnoreCase(name.substring(0,dot))){
114
securityManager.checkPackageAccess(name.substring(0,dot));
116
} catch (SecurityException se) {
117
String error = "Security Violation, attempt to use " +
118
"Restricted Class: " + name;
119
se.printStackTrace();
120
throw new ClassNotFoundException(error);
125
if( !name.startsWith(Constants.JSP_PACKAGE_NAME + '.') ) {
126
// Class is not in org.apache.jsp, therefore, have our
128
clazz = parent.loadClass(name);
134
return findClass(name);
141
* @see java.lang.ClassLoader#getResourceAsStream(java.lang.String)
143
public InputStream getResourceAsStream(String name) {
144
InputStream is = parent.getResourceAsStream(name);
146
URL url = findResource(name);
149
is = url.openStream();
150
} catch (IOException e) {
160
* Get the Permissions for a CodeSource.
162
* Since this ClassLoader is only used for a JSP page in
163
* a web application context, we just return our preset
164
* PermissionCollection for the web app context.
166
* @param codeSource Code source where the code was loaded from
167
* @return PermissionCollection for CodeSource
169
public final PermissionCollection getPermissions(CodeSource codeSource) {
170
return permissionCollection;
b'\\ No newline at end of file'