Class ClassLoadingPolicy
Provides a declarative, builder-based approach to define allowed and denied packages,
class count limits, bytecode size limits, and optional custom bytecode verification.
Use builder() to create instances.
提供声明式的、基于构建器的方式来定义允许和拒绝的包、类数量限制、
字节码大小限制和可选的自定义字节码验证。使用 builder() 创建实例。
Security | 安全性:
- Thread-safe: Yes (immutable) - 线程安全: 是 (不可变)
- Since:
- JDK 25, opencode-base-classloader V1.0.3
- Author:
- Leon Soo www.LeonSoo.com
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final classBuilder for ClassLoadingPolicy ClassLoadingPolicy 的构建器 -
Method Summary
Modifier and TypeMethodDescriptionGet the set of allowed packages (whitelist) 获取允许的包集合(白名单)static ClassLoadingPolicy.Builderbuilder()Create a new Builder for ClassLoadingPolicy 创建 ClassLoadingPolicy 的新 BuilderGet the custom bytecode verifier 获取自定义字节码验证器voidcheckAllowed(String className, byte[] bytecode, int currentCount) Check whether a class is allowed to load under this policy (full check) 检查一个类在此策略下是否允许加载(完整检查)voidcheckBytecodeAllowed(String className, byte[] bytecode) Check whether bytecode is allowed under this policy 检查字节码在此策略下是否允许voidcheckNameAllowed(String className, int currentCount) Check whether a class is allowed to load by name and count 按类名和数量检查是否允许加载Get the set of denied packages (blacklist) 获取拒绝的包集合(黑名单)intGet the maximum bytecode size per class in bytes 获取每个类的最大字节码大小(字节)intGet the maximum number of loaded classes allowed 获取允许的最大已加载类数量
-
Method Details
-
builder
Create a new Builder for ClassLoadingPolicy 创建 ClassLoadingPolicy 的新 Builder- Returns:
- a new builder instance | 新的构建器实例
-
allowedPackages
-
deniedPackages
-
maxLoadedClasses
public int maxLoadedClasses()Get the maximum number of loaded classes allowed 获取允许的最大已加载类数量- Returns:
- max loaded classes, or 0 if unlimited | 最大已加载类数,0 表示无限制
-
maxBytecodeSize
public int maxBytecodeSize()Get the maximum bytecode size per class in bytes 获取每个类的最大字节码大小(字节)- Returns:
- max bytecode size, or 0 if unlimited | 最大字节码大小,0 表示无限制
-
bytecodeVerifier
Get the custom bytecode verifier 获取自定义字节码验证器- Returns:
- the bytecode verifier, or null if none configured | 字节码验证器,如果未配置则为 null
-
checkNameAllowed
Check whether a class is allowed to load by name and count 按类名和数量检查是否允许加载Evaluation order (deny wins over allow): denied packages are checked first; if the class matches any denied prefix, it is rejected immediately regardless of the allowed list. Only if the class passes the deny check is the allow list consulted (when non-empty, the class must match at least one allowed prefix). Finally, the loaded-class count limit is enforced.
评估顺序(拒绝优先于允许):首先检查拒绝的包;如果类匹配任何拒绝前缀, 则立即拒绝,不论允许列表如何。仅当类通过拒绝检查后才查询允许列表 (当允许列表非空时,类必须匹配至少一个允许前缀)。最后执行类数量限制检查。
- Parameters:
className- the fully qualified class name | 完全限定类名currentCount- the current number of loaded classes | 当前已加载的类数量- Throws:
OpenClassLoaderException- if the class is not allowed | 当类不被允许时NullPointerException- if className is null | 当 className 为 null 时
-
checkBytecodeAllowed
Check whether bytecode is allowed under this policy 检查字节码在此策略下是否允许Checks bytecode size limit and custom bytecode verifier. Call this when actual bytecode is available (in findClass/defineClass).
检查字节码大小限制和自定义字节码验证器。在字节码可用时调用(在 findClass/defineClass 中)。
- Parameters:
className- the fully qualified class name | 完全限定类名bytecode- the raw class bytecode | 原始类字节码- Throws:
OpenClassLoaderException- if the bytecode is not allowed | 当字节码不被允许时NullPointerException- if className or bytecode is null | 当参数为 null 时
-
checkAllowed
Check whether a class is allowed to load under this policy (full check) 检查一个类在此策略下是否允许加载(完整检查)Combines name check and bytecode check. Use when bytecode is available.
合并名称检查和字节码检查。在字节码可用时使用。
- Parameters:
className- the fully qualified class name | 完全限定类名bytecode- the raw class bytecode (may be null to skip bytecode checks) | 原始类字节码(可为 null 以跳过字节码检查)currentCount- the current number of loaded classes | 当前已加载的类数量- Throws:
OpenClassLoaderException- if the class is not allowed | 当类不被允许时NullPointerException- if className is null | 当 className 为 null 时
-