classpath
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

url class loader bug?

From: Jeroen Frijters
Subject: url class loader bug?
Date: Thu, 5 Sep 2002 17:09:14 +0200 
I'm starting to support class loaders and I've run into a
NullPointerException. URLClassLoader.findClass() has the following
fragment:

            // Now construct the CodeSource (if loaded from a jar file)
            CodeSource source = null;
            if (url.getProtocol().equals("jar")) {
                Certificate[] certificates =
 
((JarURLConnection)conn).getCertificates();
                String u = url.toExternalForm ();
                u = u.substring (4); //skip "jar:"
                int i = u.indexOf ('!');
                if ( i >= 0)
                  u = u.substring (0, i);
                url = new URL (u);

                source = new CodeSource(url, certificates);
            }

            // And finally construct the class!
            return defineClass(className, classData,
                               0, classData.length,
                               source);

Notice how it only constructs a CodeSource when the url is a jar, now in
SecureClassLoader.defineClass(), we find the follow code:

    ProtectionDomain protectionDomain =
      new ProtectionDomain(cs, getPermissions(cs));

And URLClassLoader.getPermissions() does:

    URL url = source.getLocation();

And this lines throws a NullPointerException, because source is null
(when the class isn't being loaded from a jar).

I think the fix would be to change URLClassLoader.findClass() to always
construct a CodeSource even when the class isn't loaded from a jar.

Regards,
Jeroen
reply via email to
[Prev in Thread] Current Thread [Next in Thread]