安全类从JAR Files导入 [英] Safe class imports from JAR Files

问题描述

考虑java程序从jar文件导入类的场景。如果同一个类位于两个或多个jar文件中，则可能存在问题。

Consider a scenario that a java program imports the classes from jar files. If the same class resides in two or more jar files there could be a problem.

1. In这样的场景程序导入的类是什么？它是带有旧时间戳的
   类吗？

1. In such scenarios what is the class that imported by the program? Is it the class with the older timestamp??

我们可以采取哪些措施来避免此类并发症。

What are the practices we can follow to avoid such complications.

编辑：这是一个例子。我有2个jar文件my1.jar和my2.jar。这两个文件都包含com.mycompany.CrazyWriter

Edit : This is an example. I have 2 jar files my1.jar and my2.jar. Both the files contain com.mycompany.CrazyWriter

推荐答案

首先，我假设你的意思是同一个类还有两个以上 jar 文件...

First, I assume that you mean that the same class resides in two more jar files...

现在，回答你的问题：

1. 导入哪个类取决于您的类加载器和JVM。你不能保证它会是哪一个类，但在普通的类加载器中它将是类路径中第一个jar文件的类。


2. 不要将同一个类放入多个jar文件中，或者如果您尝试覆盖系统类，请使用 -bootclasspath 。

1. Which class is imported is dependent on your classloader and JVM. You cannot guarantee which class it will be, but in the normal classloader it will be the class from the first jar file on your classpath.
2. Don't put the same class into multiple jar files, or if you are trying to override system classes, use -bootclasspath.

编辑：解决有关此答案的其中一条评论。我原本以为密封罐子会有所作为，因为理论上它不应该从不同的jar文件中加载来自同一个包的两个类。但是，经过一些实验，我发现这个假设不成立，至少对于默认的安全提供程序。

Edit: To address one of the comments on this answer. I originally thought that sealing the jar would make a difference, since in theory it should not load two classes from the same package from different jar files. However, after some experimentation, I see that this assumption does not hold true, at least with the default security provider.

这篇关于安全类从JAR Files导入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！