Application Security Testing: An Integral Part of DevOps

This code uses the class loader that loads the current class, and getClass() could return something unexpected, like a subclass or a dynamic proxy. This is hardly ever what you want when you dynamically load an additional class; moreover, in managed environments such as servlet engines, Java Web Start, or application servers, this is most certainly .

Class<?> myclass = Class.forName(name);
// or:
Class<?> myclass = getClass().getClassLoader().loadClass(name);

This code will behave very differently depending on the environment in which it runs. Environments that use the context class loader to provide applications with a class loader should use it to retrieve their own classes.

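// Prefer the context class loader supplied by the environment
ClassLoader cl = Thread.currentThread().getContextClassLoader();
// Fall back to the loader of a known class when no context loader is set
if (cl == null) cl = MyClass.class.getClassLoader();
Class<?> myclass = cl.loadClass(name);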
