java.net: public class: URLClassLoader

java.net
public class: URLClassLoader [javadoc | source]

java.lang.Object
   java.lang.ClassLoader
      java.security.SecureClassLoader
         java.net.URLClassLoader

All Implemented Interfaces:
Closeable

Direct Known Subclasses:
PrivateMLet, MLet, FactoryURLClassLoader

This class loader is used to load classes and resources from a search path of URLs referring to both JAR files and directories. Any URL that ends with a '/' is assumed to refer to a directory. Otherwise, the URL is assumed to refer to a JAR file which will be opened as needed.

The AccessControlContext of the thread that created the instance of URLClassLoader will be used when subsequently loading classes and resources.

The classes that are loaded are by default granted permission only to access the URLs specified when the URLClassLoader was created.

author: David - Connelly

since: 1.2 -

Fields inherited from java.lang.ClassLoader:
assertionLock, classAssertionStatus

Constructor:
public URLClassLoader(URL[] urls) { super(); // this is to make the stack depth consistent with 1.1 SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkCreateClassLoader(); } ucp = new URLClassPath(urls); this.acc = AccessController.getContext(); } Constructs a new URLClassLoader for the specified URLs using the default delegation parent `ClassLoader`. The URLs will be searched in the order specified for classes and resources after first searching in the parent class loader. Any URL that ends with a '/' is assumed to refer to a directory. Otherwise, the URL is assumed to refer to a JAR file which will be downloaded and opened as needed. If there is a security manager, this method first calls the security manager's `checkCreateClassLoader` method to ensure creation of a class loader is allowed. Parameters: `urls` - the URLs from which to load classes and resources Throws: `SecurityException` - if a security manager exists and its `checkCreateClassLoader` method doesn't allow creation of a class loader. Also see: SecurityManager#checkCreateClassLoader exception: `SecurityException` - if a security manager exists and its `checkCreateClassLoader` method doesn't allow creation of a class loader.
public URLClassLoader(URL[] urls, ClassLoader parent) { super(parent); // this is to make the stack depth consistent with 1.1 SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkCreateClassLoader(); } ucp = new URLClassPath(urls); this.acc = AccessController.getContext(); } Constructs a new URLClassLoader for the given URLs. The URLs will be searched in the order specified for classes and resources after first searching in the specified parent class loader. Any URL that ends with a '/' is assumed to refer to a directory. Otherwise, the URL is assumed to refer to a JAR file which will be downloaded and opened as needed. If there is a security manager, this method first calls the security manager's {@code checkCreateClassLoader} method to ensure creation of a class loader is allowed. Parameters: `urls` - the URLs from which to load classes and resources `parent` - the parent class loader for delegation Throws: `SecurityException` - if a security manager exists and its {@code checkCreateClassLoader} method doesn't allow creation of a class loader. Also see: SecurityManager#checkCreateClassLoader exception: `SecurityException` - if a security manager exists and its {@code checkCreateClassLoader} method doesn't allow creation of a class loader.
URLClassLoader(URL[] urls, AccessControlContext acc) { super(); // this is to make the stack depth consistent with 1.1 SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkCreateClassLoader(); } ucp = new URLClassPath(urls); this.acc = acc; }
URLClassLoader(URL[] urls, ClassLoader parent, AccessControlContext acc) { super(parent); // this is to make the stack depth consistent with 1.1 SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkCreateClassLoader(); } ucp = new URLClassPath(urls); this.acc = acc; }
public URLClassLoader(URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) { super(parent); // this is to make the stack depth consistent with 1.1 SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkCreateClassLoader(); } ucp = new URLClassPath(urls, factory); acc = AccessController.getContext(); } Constructs a new URLClassLoader for the specified URLs, parent class loader, and URLStreamHandlerFactory. The parent argument will be used as the parent class loader for delegation. The factory argument will be used as the stream handler factory to obtain protocol handlers when creating new jar URLs. If there is a security manager, this method first calls the security manager's `checkCreateClassLoader` method to ensure creation of a class loader is allowed. Parameters: `urls` - the URLs from which to load classes and resources `parent` - the parent class loader for delegation `factory` - the URLStreamHandlerFactory to use when creating URLs Throws: `SecurityException` - if a security manager exists and its `checkCreateClassLoader` method doesn't allow creation of a class loader. Also see: SecurityManager#checkCreateClassLoader exception: `SecurityException` - if a security manager exists and its `checkCreateClassLoader` method doesn't allow creation of a class loader.

Method from java.net.URLClassLoader Summary:
addURL, close, definePackage, findClass, findResource, findResources, getPermissions, getResourceAsStream, getURLs, newInstance, newInstance

Methods from java.security.SecureClassLoader:
defineClass, defineClass, getPermissions

Methods from java.lang.ClassLoader:
addClass, clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, desiredAssertionStatus, findClass, findLibrary, findLoadedClass, findNative, findResource, findResources, findSystemClass, getBootstrapClassPath, getCallerClassLoader, getClassLoadingLock, getPackage, getPackages, getParent, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, isAncestor, loadClass, loadClass, loadLibrary, registerAsParallelCapable, resolveClass, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners

Methods from java.lang.ClassLoader:

addClass, clearAssertionStatus, defineClass, defineClass, defineClass, defineClass, definePackage, desiredAssertionStatus, findClass, findLibrary, findLoadedClass, findNative, findResource, findResources, findSystemClass, getBootstrapClassPath, getCallerClassLoader, getClassLoadingLock, getPackage, getPackages, getParent, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, isAncestor, loadClass, loadClass, loadLibrary, registerAsParallelCapable, resolveClass, setClassAssertionStatus, setDefaultAssertionStatus, setPackageAssertionStatus, setSigners

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from java.net.URLClassLoader Detail:
protected void addURL(URL url) { ucp.addURL(url); } Appends the specified URL to the list of URLs to search for classes and resources. If the URL specified is `null` or is already in the list of URLs, or if this loader is closed, then invoking this method has no effect.
public void close() throws IOException { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkPermission(new RuntimePermission("closeClassLoader")); } List< IOException > errors = ucp.closeLoaders(); // now close any remaining streams. synchronized (closeables) { Set< Closeable > keys = closeables.keySet(); for (Closeable c : keys) { try { c.close(); } catch (IOException ioex) { errors.add(ioex); } } closeables.clear(); } if (errors.isEmpty()) { return; } IOException firstex = errors.remove(0); // Suppress any remaining exceptions for (IOException error: errors) { firstex.addSuppressed(error); } throw firstex; } Closes this URLClassLoader, so that it can no longer be used to load new classes or resources that are defined by this loader. Classes and resources defined by any of this loader's parents in the delegation hierarchy are still accessible. Also, any classes or resources that are already loaded, are still accessible. In the case of jar: and file: URLs, it also closes any files that were opened by it. If another thread is loading a class when the {@code close} method is invoked, then the result of that load is undefined. The method makes a best effort attempt to close all opened files, by catching IOException s internally. Unchecked exceptions and errors are not caught. Calling close on an already closed loader has no effect.
protected Package definePackage(String name, Manifest man, URL url) throws IllegalArgumentException { String path = name.replace('.', '/').concat("/"); String specTitle = null, specVersion = null, specVendor = null; String implTitle = null, implVersion = null, implVendor = null; String sealed = null; URL sealBase = null; Attributes attr = man.getAttributes(path); if (attr != null) { specTitle = attr.getValue(Name.SPECIFICATION_TITLE); specVersion = attr.getValue(Name.SPECIFICATION_VERSION); specVendor = attr.getValue(Name.SPECIFICATION_VENDOR); implTitle = attr.getValue(Name.IMPLEMENTATION_TITLE); implVersion = attr.getValue(Name.IMPLEMENTATION_VERSION); implVendor = attr.getValue(Name.IMPLEMENTATION_VENDOR); sealed = attr.getValue(Name.SEALED); } attr = man.getMainAttributes(); if (attr != null) { if (specTitle == null) { specTitle = attr.getValue(Name.SPECIFICATION_TITLE); } if (specVersion == null) { specVersion = attr.getValue(Name.SPECIFICATION_VERSION); } if (specVendor == null) { specVendor = attr.getValue(Name.SPECIFICATION_VENDOR); } if (implTitle == null) { implTitle = attr.getValue(Name.IMPLEMENTATION_TITLE); } if (implVersion == null) { implVersion = attr.getValue(Name.IMPLEMENTATION_VERSION); } if (implVendor == null) { implVendor = attr.getValue(Name.IMPLEMENTATION_VENDOR); } if (sealed == null) { sealed = attr.getValue(Name.SEALED); } } if ("true".equalsIgnoreCase(sealed)) { sealBase = url; } return definePackage(name, specTitle, specVersion, specVendor, implTitle, implVersion, implVendor, sealBase); } Defines a new package by name in this ClassLoader. The attributes contained in the specified Manifest will be used to obtain package version and sealing information. For sealed packages, the additional URL specifies the code source URL from which the package was loaded.
protected Class<?> findClass(String name) throws ClassNotFoundException { try { return AccessController.doPrivileged( new PrivilegedExceptionAction< Class >() { public Class run() throws ClassNotFoundException { String path = name.replace('.', '/').concat(".class"); Resource res = ucp.getResource(path, false); if (res != null) { try { return defineClass(name, res); } catch (IOException e) { throw new ClassNotFoundException(name, e); } } else { throw new ClassNotFoundException(name); } } }, acc); } catch (java.security.PrivilegedActionException pae) { throw (ClassNotFoundException) pae.getException(); } } Finds and loads the class with the specified name from the URL search path. Any URLs referring to JAR files are loaded and opened as needed until the class is found.
public URL findResource(String name) { /* * The same restriction to finding classes applies to resources */ URL url = AccessController.doPrivileged( new PrivilegedAction< URL >() { public URL run() { return ucp.findResource(name, true); } }, acc); return url != null ? ucp.checkURL(url) : null; } Finds the resource with the specified name on the URL search path.
public Enumeration<URL> findResources(String name) throws IOException { final Enumeration< URL > e = ucp.findResources(name, true); return new Enumeration< URL >() { private URL url = null; private boolean next() { if (url != null) { return true; } do { URL u = AccessController.doPrivileged( new PrivilegedAction< URL >() { public URL run() { if (!e.hasMoreElements()) return null; return e.nextElement(); } }, acc); if (u == null) break; url = ucp.checkURL(u); } while (url == null); return url != null; } public URL nextElement() { if (!next()) { throw new NoSuchElementException(); } URL u = url; url = null; return u; } public boolean hasMoreElements() { return next(); } }; } Returns an Enumeration of URLs representing all of the resources on the URL search path having the specified name.
protected PermissionCollection getPermissions(CodeSource codesource) { PermissionCollection perms = super.getPermissions(codesource); URL url = codesource.getLocation(); Permission p; URLConnection urlConnection; try { urlConnection = url.openConnection(); p = urlConnection.getPermission(); } catch (java.io.IOException ioe) { p = null; urlConnection = null; } if (p instanceof FilePermission) { // if the permission has a separator char on the end, // it means the codebase is a directory, and we need // to add an additional permission to read recursively String path = p.getName(); if (path.endsWith(File.separator)) { path += "-"; p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } } else if ((p == null) && (url.getProtocol().equals("file"))) { String path = url.getFile().replace('/', File.separatorChar); path = ParseUtil.decode(path); if (path.endsWith(File.separator)) path += "-"; p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION); } else { /** * Not loading from a 'file:' URL so we want to give the class * permission to connect to and accept from the remote host * after we've made sure the host is the correct one and is valid. */ URL locUrl = url; if (urlConnection instanceof JarURLConnection) { locUrl = ((JarURLConnection)urlConnection).getJarFileURL(); } String host = locUrl.getHost(); if (host != null && (host.length() > 0)) p = new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION); } // make sure the person that created this class loader // would have this permission if (p != null) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { final Permission fp = p; AccessController.doPrivileged(new PrivilegedAction< Void >() { public Void run() throws SecurityException { sm.checkPermission(fp); return null; } }, acc); } perms.add(p); } return perms; } Returns the permissions for the given codesource object. The implementation of this method first calls super.getPermissions and then adds permissions based on the URL of the codesource. If the protocol of this URL is "jar", then the permission granted is based on the permission that is required by the URL of the Jar file. If the protocol is "file" and there is an authority component, then permission to connect to and accept connections from that authority may be granted. If the protocol is "file" and the path specifies a file, then permission to read that file is granted. If protocol is "file" and the path is a directory, permission is granted to read all files and (recursively) all files and subdirectories contained in that directory. If the protocol is not "file", then permission to connect to and accept connections from the URL's host is granted.
public InputStream getResourceAsStream(String name) { URL url = getResource(name); try { if (url == null) { return null; } URLConnection urlc = url.openConnection(); InputStream is = urlc.getInputStream(); if (urlc instanceof JarURLConnection) { JarURLConnection juc = (JarURLConnection)urlc; JarFile jar = juc.getJarFile(); synchronized (closeables) { if (!closeables.containsKey(jar)) { closeables.put(jar, null); } } } else if (urlc instanceof sun.net.www.protocol.file.FileURLConnection) { synchronized (closeables) { closeables.put(is, null); } } return is; } catch (IOException e) { return null; } } Returns an input stream for reading the specified resource. If this loader is closed, then any resources opened by this method will be closed. The search order is described in the documentation for #getResource(String) .
public URL[] getURLs() { return ucp.getURLs(); } Returns the search path of URLs for loading classes and resources. This includes the original list of URLs specified to the constructor, along with any URLs subsequently appended by the addURL() method.
public static URLClassLoader newInstance(URL[] urls) { // Save the caller's context final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( new PrivilegedAction< URLClassLoader >() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, acc); } }); return ucl; } Creates a new instance of URLClassLoader for the specified URLs and default parent class loader. If a security manager is installed, the `loadClass` method of the URLClassLoader returned by this method will invoke the `SecurityManager.checkPackageAccess` before loading the class.
public static URLClassLoader newInstance(URL[] urls, ClassLoader parent) { // Save the caller's context final AccessControlContext acc = AccessController.getContext(); // Need a privileged block to create the class loader URLClassLoader ucl = AccessController.doPrivileged( new PrivilegedAction< URLClassLoader >() { public URLClassLoader run() { return new FactoryURLClassLoader(urls, parent, acc); } }); return ucl; } Creates a new instance of URLClassLoader for the specified URLs and parent class loader. If a security manager is installed, the `loadClass` method of the URLClassLoader returned by this method will invoke the `SecurityManager.checkPackageAccess` method before loading the class.

Method from java.net.URLClassLoader Detail:

 protected  void addURL(URL url) {
        ucp.addURL(url);
}

If the URL specified is null or is already in the list of URLs, or if this loader is closed, then invoking this method has no effect.

 public  void close() throws IOException {
        SecurityManager security = System.getSecurityManager();
        if (security != null) {
            security.checkPermission(new RuntimePermission("closeClassLoader"));
        }
        List< IOException > errors = ucp.closeLoaders();
        // now close any remaining streams.
        synchronized (closeables) {
            Set< Closeable > keys = closeables.keySet();
            for (Closeable c : keys) {
                try {
                    c.close();
                } catch (IOException ioex) {
                    errors.add(ioex);
                }
            }
            closeables.clear();
        }
        if (errors.isEmpty()) {
            return;
        }
        IOException firstex = errors.remove(0);
        // Suppress any remaining exceptions
        for (IOException error: errors) {
            firstex.addSuppressed(error);
        }
        throw firstex;
}

In the case of jar: and file: URLs, it also closes any files that were opened by it. If another thread is loading a class when the {@code close} method is invoked, then the result of that load is undefined.

The method makes a best effort attempt to close all opened files, by catching IOException s internally. Unchecked exceptions and errors are not caught. Calling close on an already closed loader has no effect.

 protected Package definePackage(String name,
    Manifest man,
    URL url) throws IllegalArgumentException {
        String path = name.replace('.', '/').concat("/");
        String specTitle = null, specVersion = null, specVendor = null;
        String implTitle = null, implVersion = null, implVendor = null;
        String sealed = null;
        URL sealBase = null;
        Attributes attr = man.getAttributes(path);
        if (attr != null) {
            specTitle   = attr.getValue(Name.SPECIFICATION_TITLE);
            specVersion = attr.getValue(Name.SPECIFICATION_VERSION);
            specVendor  = attr.getValue(Name.SPECIFICATION_VENDOR);
            implTitle   = attr.getValue(Name.IMPLEMENTATION_TITLE);
            implVersion = attr.getValue(Name.IMPLEMENTATION_VERSION);
            implVendor  = attr.getValue(Name.IMPLEMENTATION_VENDOR);
            sealed      = attr.getValue(Name.SEALED);
        }
        attr = man.getMainAttributes();
        if (attr != null) {
            if (specTitle == null) {
                specTitle = attr.getValue(Name.SPECIFICATION_TITLE);
            }
            if (specVersion == null) {
                specVersion = attr.getValue(Name.SPECIFICATION_VERSION);
            }
            if (specVendor == null) {
                specVendor = attr.getValue(Name.SPECIFICATION_VENDOR);
            }
            if (implTitle == null) {
                implTitle = attr.getValue(Name.IMPLEMENTATION_TITLE);
            }
            if (implVersion == null) {
                implVersion = attr.getValue(Name.IMPLEMENTATION_VERSION);
            }
            if (implVendor == null) {
                implVendor = attr.getValue(Name.IMPLEMENTATION_VENDOR);
            }
            if (sealed == null) {
                sealed = attr.getValue(Name.SEALED);
            }
        }
        if ("true".equalsIgnoreCase(sealed)) {
            sealBase = url;
        }
        return definePackage(name, specTitle, specVersion, specVendor,
                             implTitle, implVersion, implVendor, sealBase);
}

Defines a new package by name in this ClassLoader. The attributes contained in the specified Manifest will be used to obtain package version and sealing information. For sealed packages, the additional URL specifies the code source URL from which the package was loaded.

 protected Class<?> findClass(String name) throws ClassNotFoundException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction< Class >() {
                    public Class run() throws ClassNotFoundException {
                        String path = name.replace('.', '/').concat(".class");
                        Resource res = ucp.getResource(path, false);
                        if (res != null) {
                            try {
                                return defineClass(name, res);
                            } catch (IOException e) {
                                throw new ClassNotFoundException(name, e);
                            }
                        } else {
                            throw new ClassNotFoundException(name);
                        }
                    }
                }, acc);
        } catch (java.security.PrivilegedActionException pae) {
            throw (ClassNotFoundException) pae.getException();
        }
}

Finds and loads the class with the specified name from the URL search path. Any URLs referring to JAR files are loaded and opened as needed until the class is found.

 public URL findResource(String name) {
        /*
         * The same restriction to finding classes applies to resources
         */
        URL url = AccessController.doPrivileged(
            new PrivilegedAction< URL >() {
                public URL run() {
                    return ucp.findResource(name, true);
                }
            }, acc);
        return url != null ? ucp.checkURL(url) : null;
}

Finds the resource with the specified name on the URL search path.

 public Enumeration<URL> findResources(String name) throws IOException {
        final Enumeration< URL > e = ucp.findResources(name, true);
        return new Enumeration< URL >() {
            private URL url = null;
            private boolean next() {
                if (url != null) {
                    return true;
                }
                do {
                    URL u = AccessController.doPrivileged(
                        new PrivilegedAction< URL >() {
                            public URL run() {
                                if (!e.hasMoreElements())
                                    return null;
                                return e.nextElement();
                            }
                        }, acc);
                    if (u == null)
                        break;
                    url = ucp.checkURL(u);
                } while (url == null);
                return url != null;
            }
            public URL nextElement() {
                if (!next()) {
                    throw new NoSuchElementException();
                }
                URL u = url;
                url = null;
                return u;
            }
            public boolean hasMoreElements() {
                return next();
            }
        };
}

Returns an Enumeration of URLs representing all of the resources on the URL search path having the specified name.

 protected PermissionCollection getPermissions(CodeSource codesource) {
        PermissionCollection perms = super.getPermissions(codesource);
        URL url = codesource.getLocation();
        Permission p;
        URLConnection urlConnection;
        try {
            urlConnection = url.openConnection();
            p = urlConnection.getPermission();
        } catch (java.io.IOException ioe) {
            p = null;
            urlConnection = null;
        }
        if (p instanceof FilePermission) {
            // if the permission has a separator char on the end,
            // it means the codebase is a directory, and we need
            // to add an additional permission to read recursively
            String path = p.getName();
            if (path.endsWith(File.separator)) {
                path += "-";
                p = new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
            }
        } else if ((p == null) && (url.getProtocol().equals("file"))) {
            String path = url.getFile().replace('/', File.separatorChar);
            path = ParseUtil.decode(path);
            if (path.endsWith(File.separator))
                path += "-";
            p =  new FilePermission(path, SecurityConstants.FILE_READ_ACTION);
        } else {
            /**
             * Not loading from a 'file:' URL so we want to give the class
             * permission to connect to and accept from the remote host
             * after we've made sure the host is the correct one and is valid.
             */
            URL locUrl = url;
            if (urlConnection instanceof JarURLConnection) {
                locUrl = ((JarURLConnection)urlConnection).getJarFileURL();
            }
            String host = locUrl.getHost();
            if (host != null && (host.length()  > 0))
                p = new SocketPermission(host,
                                         SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION);
        }
        // make sure the person that created this class loader
        // would have this permission
        if (p != null) {
            final SecurityManager sm = System.getSecurityManager();
            if (sm != null) {
                final Permission fp = p;
                AccessController.doPrivileged(new PrivilegedAction< Void >() {
                    public Void run() throws SecurityException {
                        sm.checkPermission(fp);
                        return null;
                    }
                }, acc);
            }
            perms.add(p);
        }
        return perms;
}

If the protocol of this URL is "jar", then the permission granted is based on the permission that is required by the URL of the Jar file.

If the protocol is "file" and there is an authority component, then permission to connect to and accept connections from that authority may be granted. If the protocol is "file" and the path specifies a file, then permission to read that file is granted. If protocol is "file" and the path is a directory, permission is granted to read all files and (recursively) all files and subdirectories contained in that directory.

If the protocol is not "file", then permission to connect to and accept connections from the URL's host is granted.

 public InputStream getResourceAsStream(String name) {
        URL url = getResource(name);
        try {
            if (url == null) {
                return null;
            }
            URLConnection urlc = url.openConnection();
            InputStream is = urlc.getInputStream();
            if (urlc instanceof JarURLConnection) {
                JarURLConnection juc = (JarURLConnection)urlc;
                JarFile jar = juc.getJarFile();
                synchronized (closeables) {
                    if (!closeables.containsKey(jar)) {
                        closeables.put(jar, null);
                    }
                }
            } else if (urlc instanceof sun.net.www.protocol.file.FileURLConnection) {
                synchronized (closeables) {
                    closeables.put(is, null);
                }
            }
            return is;
        } catch (IOException e) {
            return null;
        }
}

The search order is described in the documentation for #getResource(String) .

 public URL[] getURLs() {
        return ucp.getURLs();
}

Returns the search path of URLs for loading classes and resources. This includes the original list of URLs specified to the constructor, along with any URLs subsequently appended by the addURL() method.

 public static URLClassLoader newInstance(URL[] urls) {
        // Save the caller's context
        final AccessControlContext acc = AccessController.getContext();
        // Need a privileged block to create the class loader
        URLClassLoader ucl = AccessController.doPrivileged(
            new PrivilegedAction< URLClassLoader >() {
                public URLClassLoader run() {
                    return new FactoryURLClassLoader(urls, acc);
                }
            });
        return ucl;
}

loadClass

SecurityManager.checkPackageAccess

 public static URLClassLoader newInstance(URL[] urls,
    ClassLoader parent) {
        // Save the caller's context
        final AccessControlContext acc = AccessController.getContext();
        // Need a privileged block to create the class loader
        URLClassLoader ucl = AccessController.doPrivileged(
            new PrivilegedAction< URLClassLoader >() {
                public URLClassLoader run() {
                    return new FactoryURLClassLoader(urls, parent, acc);
                }
            });
        return ucl;
}

loadClass

SecurityManager.checkPackageAccess