What is the first parameter of the standard constructor of the ClassLoader class?

Question

What is the first parameter of the standard constructor of the ClassLoader class?

The name says it all, here is the code:

private ClassLoader(Void unused, ClassLoader parent) {
    this.parent = parent;
    if (ParallelLoaders.isRegistered(this.getClass())) {
        parallelLockMap = new ConcurrentHashMap<>();
        package2certs = new ConcurrentHashMap<>();
        domains =
            Collections.synchronizedSet(new HashSet<ProtectionDomain>());
        assertionLock = new Object();
    } else {
        // no finer-grained lock; lock on the classloader instance
        parallelLockMap = null;
        package2certs = new Hashtable<>();
        domains = new HashSet<>();
        assertionLock = this;
    }
}

+4

java classloader

Leonid bor Mar 23 '18 at 19:54

source share

1 answer

df778899 · Accepted Answer · 2018-03-23T22:46:15+0000

It looks like a tricky trick to trigger a security check before the class loader can be created.

A quick experiment confirms that the static method is called before any initializers:

public class InitializerTest {
    {
        System.out.println("Initializer block");
    }

    private InitializerTest(Void v) {
        System.out.println("Constructor");
    }

    protected InitializerTest() {
        this(staticMethod());
    }

    private static Void staticMethod() {
        System.out.println("Static method");
        return null;
    }
}

What outputs:

Static method
Initializer block
Constructor

Obviously, it is safer to never allow subclassing to be faked ClassLoader, rather than execute it after the instance is created. For instance. even if the superclass did not pass in its first initializer block, is there an instance there - is it possible to use an exploit in a method finalize()in a subclass?

What is the first parameter of the standard constructor of the ClassLoader class?

More articles: