Why you can not create class in java.lang?

Question

Say I am creating a class LangTest.java in the following way:

package java.lang;

public class LangTest 
{
    public static void show()
    {
        System.out.println("In langTest.show()");
    }
}

In another class I am even calling the method as:

LangTest.show();

None of them has given any compilation problem, yet at run-time it throws exception. --

Exception in thread "main" java.lang.SecurityException: Prohibited package name: java.lang
    at java.lang.ClassLoader.preDefineClass(ClassLoader.java:479)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:614)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
    at java.net.URLClassLoader.access$000(URLClassLoader.java:56)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    at com.javatpoint.Test.main(Test.java:28)

This happens whenever you create a package name starting with "java.".

My question is why we are not allowed to create a class in java.lang or similar? Moreover, why no compilation error was given in this case?

score 7 · Accepted Answer · answered Jun 18 '14 at 09:33

7

My question is why we are not allowed to create a class in java.lang or similar?

You can create a class there. But for security reasons a "normal" classloader will not let you load it, it only accepts them from the JDK's own core jar file. This is to protect Java users from running malicious code that could completely corrupt their system (undermine sandbox restrictions for example).

You have to implement your own JDK (or at least create your own version of runtime.jar) if you want to implement your own version of the java.* classes.

Moreover, why no compilation error was given in this case?

Well, the JDK standard libraries also need to be compiled by the same Java compiler...

answered Jun 18 '14 at 09:33

Thilo

257,207
101
511
656

Why "JDK standard libraries also need to be compiled"? I mean the JRE is already carrying the class files. – Plymouth Rock Jun 18 '14 at 09:48
@user1027056: Well, someone at Oracle has compiled them for you. From regular Java source files using the regular Java compiler (for the most part). – Thilo Jun 18 '14 at 09:54
My point is, the way it is checking the security issue during runtime why the same is not carried out during compilation? Is there any very specific case where this SecurityException will not be raised? – Plymouth Rock Jun 18 '14 at 10:01
1

Then the people at Oracle could not compile the classes to put into the JDK. Again, the class compiles because it is a valid class. The JVM just makes sure that you cannot load such a class from anywhere except the JDK core itself. – Thilo Jun 18 '14 at 10:03
1

Think, this info could be in context. To change the bootstrap classpath java -X, here is just the option you need exactly. -Xbootclasspath/p: Got reference from here: [link]http://stackoverflow.com/questions/4838301/how-to-overwrite-classes-from-jdk – Plymouth Rock Jun 18 '14 at 10:14

Nirav Prajapati · Answer 2 · 2014-06-18T09:52:12.010

The prefix "java" are reserved for core Java packages and Java extensions, respectively.

Thats why you cannot declare your package name starts with java

It's reserved by the language because that's where the core Java content already resides. In fact, everything within the java.lang package is implicitly imported by default, in any piece of Java code.

It contains "classes that are fundamental to the design of the Java programming language." (from the docs). Since user-defined classes cannot, by definition, be critical to the design of the language, you are forbidden from putting content there. Allowing users to put code within the java.lang package would also be a problem because that would expose any package-domain content defined there to the user.

Just change your package name (to virtually anything else), and you'll be good to go. By convention, package names are usually lowercase, but you can make it whatever makes sense for your project. See the tutorial on packages for more.

For more things to know about how to declare package go to below link

http://www3.ntu.edu.sg/home/ehchua/programming/java/J9c_PackageClasspath.html

Astonishingly, I have just tried with package name javax.zzzz; and code ran successfully!!! — Plymouth Rock, Jun 18 '14 at 09:44
yup i also checked it working properly ..its my mistake update my answer — Nirav Prajapati, Jun 18 '14 at 09:52

score 1 · Answer 3 · answered Jun 18 '14 at 09:33

The reason for this SecurityException, is that a class in that package could be able to expose properties with package access that should be restricted to "classes that are fundamental to the design of the Java programming language" (according to http://docs.oracle.com/javase/6/docs/api/java/lang/package-summary.html)

score 0 · Answer 4 · answered Jun 18 '14 at 09:34

0

Package java.util is sealed for modifications. One possible way to add classes to this package is edit sources compile your own version of java (e.g. OpenJDK)

answered Jun 18 '14 at 09:34

Mateusz Odelga

354
2
7

score 0 · Answer 5 · answered Jun 18 '14 at 09:35

0

java.lang is reserved for java classes for security reasons. There is no reason for compilation error since your code is syntactically correct.

answered Jun 18 '14 at 09:35

Nikhil Talreja

2,754
1
14
20

Why you can not create class in java.lang?

5 Answers5