{"id":3684,"date":"2014-03-29T07:54:36","date_gmt":"2014-03-29T07:54:36","guid":{"rendered":"https:\/\/unknownerror.org\/index.php\/2014\/03\/29\/how-to-spoof-a-java-package-and-thus-a-part-of-the-api-in-osgi-collection-of-common-programming-errors\/"},"modified":"2014-03-29T07:54:36","modified_gmt":"2014-03-29T07:54:36","slug":"how-to-spoof-a-java-package-and-thus-a-part-of-the-api-in-osgi-collection-of-common-programming-errors","status":"publish","type":"post","link":"https:\/\/unknownerror.org\/index.php\/2014\/03\/29\/how-to-spoof-a-java-package-and-thus-a-part-of-the-api-in-osgi-collection-of-common-programming-errors\/","title":{"rendered":"How to spoof a java package (and thus a part of the API) in OSGi?-Collection of common programming errors"},"content":{"rendered":"<p>In principle this is possible. Only catch is that if you specify a class in the &#8216;java&#8217; package, the sun classloader will forbid it:<\/p>\n<pre><code>Exception in thread \"main\" java.lang.SecurityException: Prohibited package name: java.io\n    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:480)\n    at java.lang.ClassLoader.defineClass(ClassLoader.java:615)\n    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)\n    at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)\n    at java.net.URLClassLoader.access$000(URLClassLoader.java:56)\n    at java.net.URLClassLoader$1.run(URLClassLoader.java:195)\n    at java.security.AccessController.doPrivileged(Native Method)\n    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)\n    at java.lang.ClassLoader.loadClass(ClassLoader.java:307)\n    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)\n    at java.lang.ClassLoader.loadClass(ClassLoader.java:252)\n    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)\n<\/code><\/pre>\n<p>In order to circumvent the problem, you need to provide your extra classes on the boot classpath:<\/p>\n<pre><code>$ java -Xbootclasspath:\/home\/user\/Desktop\/:\/home\/user\/Desktop\/rt.jar java.io.Hack\nhacked\n<\/code><\/pre>\n<p>You can then also override system files, for instance java.io.File:<\/p>\n<pre><code>$ java -Xbootclasspath:\/home\/user\/Desktop\/:\/home\/user\/Desktop\/rt.jar java.io.File\nError occurred during initialization of VM\njava.lang.NoSuchFieldError: separatorChar\n    at java.lang.Runtime.loadLibrary0(Runtime.java:819)\n    at java.lang.System.loadLibrary(System.java:1030)\n    at java.lang.System.initializeSystemClass(System.java:1077)\n<\/code><\/pre>\n<p>(showing that we just overrode java.io.File)<\/p>\n<p>So you can override system classes, the trick is that you must have access to the virtual machine. You can&#8217;t do it on the fly, which of course is due to security restrictions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In principle this is possible. Only catch is that if you specify a class in the &#8216;java&#8217; package, the sun classloader will forbid it: Exception in thread &#8220;main&#8221; java.lang.SecurityException: Prohibited package name: java.io at java.lang.ClassLoader.preDefineClass(ClassLoader.java:480) at java.lang.ClassLoader.defineClass(ClassLoader.java:615) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124) at java.net.URLClassLoader.defineClass(URLClassLoader.java:260) at java.net.URLClassLoader.access$000(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3684","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/3684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=3684"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/3684\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=3684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=3684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=3684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}