Thursday, February 13, 2014

About Security

In this post we cover the security features of Java in more detail through three concepts: classloaders, the bytecode verifier, and the security manager.

Classloader

A classloader is a class that loads class files into memory before the JVM can act on them. Since a classloader is itself a class, how is it loaded? This is the job of the bootstrap loader, a native classloader that loads the classloader classes. The bootstrap loader is native and platform dependent, and it is written in C.

Whenever we execute the java command, a native launcher program is started. Once it has launched successfully, the bootstrap loader is loaded, and it loads all the core Java classes, which belong to the java package.

The bootstrap loader also launches two more loaders: the Extension loader and the Application loader.

The Extension loader loads extension classes, which belong to the javax package. Next, the Application loader loads the classes required for the current application. This is how all the class loaders are loaded.

All three classloaders follow the delegation model.

A simple example to demonstrate this:

Whenever an application needs to load a class, it first sends a request to the application loader, which passes the request to the extension loader, which in turn passes it to the bootstrap loader. The bootstrap loader checks whether a core Java class is required. If it is, it grants the request to the extension loader, and the extension loader in turn grants access to the application loader.
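The delegation chain described above can be observed from code. The following is an added example, not code from the original post: DelegationDemo and TracingLoader are hypothetical names, and the loader class names it prints depend on the JDK version. Because every request goes to the parent first, a class named java.lang.String requested from the lowest loader is still the one defined by the bootstrap loader.

```java
import java.util.ArrayList;
import java.util.List;

public class DelegationDemo {
    // Hypothetical loader for this demo: records each request, then lets
    // ClassLoader.loadClass delegate to the parent before trying itself.
    static class TracingLoader extends ClassLoader {
        final List<String> requests = new ArrayList<>();

        TracingLoader(ClassLoader parent) { super(parent); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve)
                throws ClassNotFoundException {
            requests.add(name);
            return super.loadClass(name, resolve);
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            // Reached only after every parent failed to supply the class.
            throw new ClassNotFoundException("no loader in the chain has " + name);
        }
    }

    // Name of the loader that defined a class; null stands for bootstrap.
    static String definedBy(Class<?> c) {
        ClassLoader cl = c.getClassLoader();
        return cl == null ? "bootstrap" : cl.getClass().getName();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader appLoader = DelegationDemo.class.getClassLoader();
        // Walk the parent chain upwards from the loader of this class.
        for (ClassLoader cl = appLoader; cl != null; cl = cl.getParent()) {
            System.out.println("loader: " + cl.getClass().getName());
        }
        TracingLoader child = new TracingLoader(appLoader);
        // A core class requested at the bottom is still defined by bootstrap.
        System.out.println(definedBy(child.loadClass("java.lang.String")));
        // An application class is defined by the parent, not by the child.
        System.out.println(definedBy(child.loadClass(DelegationDemo.class.getName())));
        try {
            child.loadClass("no.such.Clazz"); // constructed name, exists nowhere
        } catch (ClassNotFoundException e) {
            System.out.println(e.getMessage() + ", requests seen: " + child.requests);
        }
    }
}
```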

------------------------------------------------------------------------------------------------------------

Bytecode Verifier

Next, the bytecode verifier: its task is to verify the bytecode and check whether there are any variables that are not initialized.

Tip: to view the bytecode of a Java file, use the command below.

javap -c javafilename

When you execute the above line at the command prompt, it prints the bytecode version of the Java file.
------------------------------------------------------------------------------------------------------------

Security manager

The security manager controls granting or blocking access to files and system properties. Below is a simple example that demonstrates this feature.


import java.io.FileInputStream;
import java.io.IOException;

public class sample {
    public static void main(String[] args) throws IOException {
        // Is there a SecurityManager registered?
        System.out.println("SecurityManager: " +
            System.getSecurityManager());

        // Check whether we can open a file for reading; try-with-resources
        // closes the stream again once the check is done
        try (FileInputStream fis = new FileInputStream("k:/sample.txt")) {
            System.out.println("File successfully opened");
        }

        // Check whether we can access a VM property
        System.out.println(System.getProperty("file.encoding"));
    }
}

 

When you compile and run this program, you will see the following results.

SecurityManager: null
File successfully opened
cp1252

The null in the first line means that no security manager is defined, and the next line states that the file was opened. You can go further with this topic by defining a policy file in which you grant or block access to the file; we will cover this in a future post.

------------------------------------------------------------------------------------------------------------