Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the reason for having 3 Class loaders in Java

Java has 3 class loaders:

  • BootStrap,
  • Extension and
  • System

and they have one role; loading classes from different packages.

But why does Java have 3 different class loaders instead of just one, since one class loader can load all the necessary classes?

like image 826
GD_Java Avatar asked Jan 18 '15 15:01

GD_Java


1 Answers

The reason for having the three basic class loaders (Bootstrap, extension, system) is mostly security.

Prior to version 1.2 of the JVM, there was just one default class loader, which is what is currently called the "Bootstrap" class loader.

The way classes are loaded by class loaders is that each class loader first calls its parent, and if that parent doesn't find the requested class, the current one is looking for it itself.

A key concept is the fact that the JVM will not grant package access (the access that methods and fields have if you didn't specifically mention private, public or protected) unless the class that asks for this access comes from the same class loader that loaded the class it wishes to access.

So, suppose a user calls his class java.lang.MyClass. Theoretically, it could get package access to all the fields and methods in the java.lang package and change the way they work. The language itself doesn't prevent this. But the JVM will block this, because all the real java.lang classes were loaded by bootstrap class loader. Not the same loader = no access.

There are other security features built into the class loaders that make it hard to do certain types of hacking.

So why three class loaders? Because they represent three levels of trust. The classes that are most trusted are the core API classes. Next are installed extensions, and then classes that appear in the classpath, which means they are local to your machine.

For a more extended explanation, refer to Bill Venners's "Inside the Java Virtual Machine".

like image 106
RealSkeptic Avatar answered Sep 28 '22 16:09

RealSkeptic