![Example (3): RMI Execution Engine
Server
fileSystemClassLoader.execute(codeNa
me, code)
Client-2
Client-1
serverIntf.execute(codeName,
byte[])
RMI
Registry
1. Register
2. Lookup
3. Return server stub
4. Data Comm.
common.ServerInterface
execute(CodeName, byte[])
common.ServerInterface
execute(CodeName, byte[])
Server.ServerImpl
execute(CodeName, byte[])
Server.ServerImpl
execute(CodeName, byte[])
common.FileSystemClassLoader
ClassLoader](https://image.slidesharecdn.com/1secureclassloadertalk-150614092731-lva1-app6892/85/Java-Class-Loader-14-320.jpg)
![Questions - 2
• In Java, what is the need for main method?
public static void main(String args[])](https://image.slidesharecdn.com/1secureclassloadertalk-150614092731-lva1-app6892/85/Java-Class-Loader-20-320.jpg)
Java Class Loader
- 1. Java Class Loader & Security Bhanu Prakash Gopularam Senior Engineer Java Platform Group
- 2. Agenda • Introduction • Java Class Loader • Java Class Loading Phases • Custom Class loading • Class Loader Exceptions • Debugging Class loader Problems • Questions
- 3. Java Language Java Platform and Programming language introduced in 1995 • Java Language – General purpose object oriented programming language – Automatic storage management – GC – Platform independent code, security and network mobility • Few Java Language Security features – Built in Security Architecture – Configurable policies and domains – Applet Sand box: Allows securely download and run untrusted Java programs over the network
- 4. Java Class Loader - Introduction ClassLoader “Reads byte code into JVM” A class is defined by its <class name, defining class loader> Goals of Class Loader: • Make first line of defense • Guard system packages from fake classes and spoofing attacks • Resolve symbolic references from one class to another
- 5. Java Class loading phases Verification Process: 1.Structural check 2.Semantic check 3.Byte code verification 4.Symbolic references check
- 8. Java Class Loaders 1. Bootstrap or Primordial Class Loader • rt.jar • -XbootClassPath – use judiciously • System property sun.boot.class.path 1. Extension Class Loader • Installed optional packages, lib/ext (in JRE) or jre/lib/ext (in JDK) • $JRE_HOME/lib/ext • System property java.ext.dirs 1. Application Class Loader • Application classpath $CLASSPATH or -cp variable • System property java.class.path • Misleadingly it is also called as System Classloader • Can be changed using property -Djava.system.class.loader
- 9. 4. SecureClassLoader – Adds support for code security model in JDK 1.2 • Adds defineClass(String name, CodeSource) • Adds getPermissions(CodeSource) 4. URLClassLoader – Loads classes from specified url path (dir or jar file) – Extends from SecureClassLoader • Supports loading classes from URL code sources 5. Context Class Loader – Context class loader is provided by creator of thread – If Security Manager is present, checkPermission() is invoked with getClassLoader() call Java Class Loaders – contd..
- 10. Java Class loader Delegation
- 11. Why to write own class loader ? 1. Alternative delegation model - Java EE web modules Checks local repositories first, common folder in Tomcat. However loading of system classes remain unchanged By instantiating class loader again, a class can be reloaded 1. Hot Deployment Support upgrade 1. Class loader and Security Add extra code after findClass() and before defineClass(), compression, encryption techniques 1. Modifying the class files Add extra debugging logic Example: BCEL (Byte code engineering library) and ASM tools
- 12. Example (1): Jars in same classpath v1/version.java v2/version.java Test.java
- 13. Example (2): RMI Execution Engine Server taskIntf.execute() Client-2 Client-1 serverIntf.execute(taskIntf) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(TaskInterface) common.ServerInterface execute(TaskInterface) Server.ServerImpl execute(TaskInterface) Server.ServerImpl execute(TaskInterface)
- 14. Example (3): RMI Execution Engine Server fileSystemClassLoader.execute(codeNa me, code) Client-2 Client-1 serverIntf.execute(codeName, byte[]) RMI Registry 1. Register 2. Lookup 3. Return server stub 4. Data Comm. common.ServerInterface execute(CodeName, byte[]) common.ServerInterface execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) Server.ServerImpl execute(CodeName, byte[]) common.FileSystemClassLoader ClassLoader
- 15. Class Loader Security • Classes are separated using namespaces • Built-in checks for identifying malicious classes • Encloses class into ProtectionDomain • Verification of code for valid signature • Class File Verifier does various checks for integrity
- 16. ClassLoader Exceptions 1. ClassNotFoundException – ClassLoader.findSystemClass(), loadClass() fails – Wrong classloader is used or Dir is not added Figure out what class loader and parent class loader and see why class cannot be loaded 1. NoClassDefFoundError – Indicates linkage problem, Symbolic reference cannot be found. – Folder or source of class is not made available to parent class loader – Check the stacktrace to find the class name Figure out class loader and missing symbolic link List parent class loaders recursively
- 17. 3. ClassCastException – Casting an object to an unrelated class Check for type and classloader used 4. UnSatisfiedLinkError – System.loadLibrary(“solaris.image_converter”), loading JNI code JVM is unable to find proper native library of class, check references 5. ClassCircularityError – Thrown when some class is a indirect superclass of itself, an Interface extends itself or similar, mainly when diff versions of same library is loaded Check for double class names in classpath ClassLoader Exceptions – Contd.
- 18. Debugging Class Loading Problems 1. Use java –verbose class HelloWord 2. Use javap –private HelloWord 3. Linux check class file – find *.jar –exec jar –tf ‘{}’ ; | grep HelloWorld 1. Use BCEL or ASM libraries, ByteCode visualizer for Eclipse
- 19. Questions - 1 • Difference between Class.forName() vs classLoader.loadClass()
- 20. Questions - 2 • In Java, what is the need for main method? public static void main(String args[])
- 21. Questions - 3 • Guess first 4 bytes of a class file! Byte code generated by compiler need to have standard data at beginning of the file
- 22. Resources 1. The Java Language Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jls/se8/jls8.pdf 2. The Java Virtual Machine Specification, Java SE 8 Edition, https://docs.oracle.com/javase/specs/jvms/se8/jvms8.pdf 3. Demystifying Java Platform Security Architecture, Ramesh Nagappan 4. Internals of Java Class Loading, Binildas Christudas, O'Reilly, OnJava.com 5. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services and Identity Management, Sun MicroSystems, Prentice Hall 6. Java and JVM security vulnerabilities and their exploitation techniques 7. http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd.pdf 8. GitHub URL - https://github.com/gopularam/developer/tree/master/Classloader 9. Slideshare URL - http://www.slideshare.net/bhanugopularam/java-class-loader- 49366166
- 23. Thank You. Q/A
Editor's Notes
- #4: General purpose object oriented programming language (architectural neutral interpreted and executable byte code) JVM – abstract computing engine, it insulates JVM from underlying differences Rules-based class loading and verification of byte code. Applet Sandbox
- #5: Responsible for locating byte code of particular class and and then transform to usable class by runtime system To enforce security it coordinates with SecurityManager and AccessController Protect java classes from spoofing attacks ClassLoader recursively delegates class loading to its parent loader. Can be changed by custom class loaders Developers have two well-known reasons for building customClassLoaders: 1. providing support for a new class repository and 2. partitioning user code in a server
- #6: Java byte code verifier: Pass-1 – Structural check, starting bytes in class file, major minor version checks etc Pass -2 – Semantic Check – method descriptors, context-free grammar, adherence to java specification Pass-3 – byte code verification, improper gotos, opcodes vs operands, method arguments, local variable initialization, etc Pass-4 – verification of symbolic references, loading referenced types, dynamic linking, binary compatibility check It is based on data flow analysis. It does by modeling each bytecode instruction and simulates each execution path that can possibly occur Check number of registers, stack height, types of values in register. Class donot forge pointers Class file format is OK Code donot violate access privileges Class definition is correct --------- Security. Your ClassLoader could examine classes before they are handed off to the JVM to see if they have a proper digital signature. You can also create a kind of &quot;sandbox&quot; that disallows certain kinds of method calls by examining the source code and rejecting classes that try to do things outside the sandbox. Encryption. It&apos;s possible to create a ClassLoader that decrypts on the fly, so that your class files on disk are not readable by someone with a decompiler. The user must supply a password to run the program, and the password is used to decrypt the code. * Archiving. Want to distribute your code in a special format or with special compression? Your ClassLoader can pull raw class file bytes from any source it wants. Self-extracting programs. It&apos;s possible to compile an entire Java application into a single executable class file that contains compressed and/or encrypted class file data, along with an integral ClassLoader; when the program is run, it unpacks itself entirely in memory -- no need to install first. * Dynamic generation. They sky&apos;s the limit here. You can generate classes that refer to other classes that haven&apos;t been generated yet -- create entire classes on the fly and bring them into the JVM without missing a beat.
- #7: If class is already loaded then return it else call findClass()
- #9: Primordial class loader: java applications have capability of loading bootstrap, system and app classed To protect from malicious attacks it uses java.security.SecureClassLoader Load class Finding a class using delegation Defining the class Link class Happens before class initialization or before reflection API calls Byte code verifier – bytecode is typesafe, execution paths Checks like Verification (Semantics, type checking), Preparation (allocate JVM internal objects ) Initialize class Happens once on “first use” Before class first instance creation, Runs static code Before access to static fields or methods Class loading phases Load class – finding the class using delegation Link class – Runs Bytecode verifier, allocates JVM internal objects Initialize class – Happens once on “first use”
- #10: A domain conceptually encloses a set of classes whose instances are granted the same set of permissions. CodeSource - each piece of code has two identity-defining characteristics: origin and signature. These two characteristics are represented in the class java.security.CodeSource the context class loader was invented to give framework code a mechanism to find the &quot;correct&quot; class loader to load application classes. In the case of the web application, the server typically applies the web application class loader as the context class loader. AppletClassLoader SecureClassLoader RMIClasssLoader
- #11: Delegation works in bottom-up manner Visbility - Classes loaded by top level classloader are visible to class loaders beneath it and not vice versa.
- #14: RMI Execution Engine Clients can supply any tasks that implement common.TaskIntf RMI execution engine loads code only once but executes 2 times based on requests In client VM, separate client.TaskImpl classes are loaded, instantiated and sent to Execution Engine Server VM for execution Each client uses different instances of FileSystem classloader. At server side, in findClass we call defineClass internally with byte[] and class name.
- #15: RMI Execution Engine Clients can supply any tasks that implement common.TaskIntf RMI execution engine loads code only once but executes 2 times based on requests In client VM, separate client.TaskImpl classes are loaded, instantiated and sent to Execution Engine Server VM for execution
- #16: Whether bytecode was generated by compliant compiler,
- #17: ClassNotFoundException Look for code where classloader loadClass() call is involved NoClassDefFoundException Check why class is not available
- #19: Javap – java class file disassembler By default it prints package, protected and public fields and methods
- #20: Class.forName() uses classloader of the callers’ classloader, it initializes the class (executes static data) classLoader.loadClass() – is used when we need to pass on classloader name as argument. It just loads class and initialization is deferred till class is used for first time