1

このAPIを置き換える独自のバンドルをエクスポートすることで、標準のJava APIの一部をスプーフィングすることは可能ですか?もちろん、同じインターフェースで。

そうすれば、他のバンドルが実際にはjavaパッケージではなく、独自のパッケージを使用していることに気付かない可能性がありますか。

4

2 に答える 2

6

In principle this is possible. Only catch is that if you specify a class in the 'java' package, the sun classloader will forbid it:

Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.io
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:480)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
    at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)

In order to circumvent the problem, you need to provide your extra classes on the boot classpath:

$ java -Xbootclasspath:/home/user/Desktop/:/home/user/Desktop/rt.jar java.io.Hack
hacked

You can then also override system files, for instance java.io.File:

$ java -Xbootclasspath:/home/user/Desktop/:/home/user/Desktop/rt.jar java.io.File
Error occurred during initialization of VM
java.lang.NoSuchFieldError: separatorChar
    at java.lang.Runtime.loadLibrary0(Runtime.java:819)
    at java.lang.System.loadLibrary(System.java:1030)
    at java.lang.System.initializeSystemClass(System.java:1077)

(showing that we just overrode java.io.File)

So you can override system classes, the trick is that you must have access to the virtual machine. You can't do it on the fly, which of course is due to security restrictions.

于 2010-02-11T18:08:53.417 に答える
1

It's not exactly what you're asking for, but Apache Harmony is an alternate Java SE implementation that has made an effort to modularize the Java APIs so it's possible to only install the modules you actually need, plus you can supply alternate implementations (though probably not at runtime).

Check out: http://wiki.apache.org/harmony/componentization

于 2010-02-15T20:50:36.523 に答える