rayhon88
asked on
Reflection violates the accessibility
Hi, experts,
Recently, I have been studying reflection in java.lang.reflect.*
I found out that the Field and Method classes have a method called setAccessible(boolean flag); once you set it to true, you can access other classes' private fields or methods... doesn't that violate the accessibility in Java and the encapsulation concept? --provided by JDK1.3 or later version..
ray
ASKER
You should use getDeclaredField instead of getField.
ASKER
Great answer, bazarny.. but the answer from saxaboo is helpful too..
The question is how to set up the security check? Give me some guidelines on this, saxaboo...
Thanks
ray
Hi,
Check out this document:
http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html
For applets, the related permission should not be granted, and I don't think that ensuring proper encapsulation using security permissions is worth the effort spent. As my experience shows, not many developers know about this way of member access, and those who know typically understand the consequences.
BTW, in a stand-alone application the mentioned permission is granted to everyone (hmm, I need to refresh this; it could be that in standalone mode there is no security manager at all, so all permissions are granted to everyone).
Regards,
Igor Bazarny
ASKER
All I worry about is that if a hacker knows the class contract, like a Customer class, can he see the private information for the Customer with this mechanism? Normally, with RMI, which may pass serialized objects for remote usage, could they possibly be stolen by the hacker during network transport?
ray
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
- points to bazarny@idg
Please leave any comments here within the
next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !
girionis
Cleanup Volunteer
I actually recommended points only to bazarny :-)
public class Test {
    private String test;
}
And executed this code:
try {
    Class cls = Test.class;
    java.lang.reflect.Field fld = cls.getField("test");
    fld.setAccessible(true);
} catch (Exception e) {
    e.printStackTrace();
}
The result was:
java.lang.NoSuchFieldExcep
at java.lang.Class.getField0(
at java.lang.Class.getField(C
at Demo.main(Demo.java:26)
As you can see - you can't get an instance of this private field, which is needed to change the accessibility.
Thus only the code that can access this field can change the accessibility of the field. I don't think that this violates "the accessibility in Java and the encapsulation concept", because if a code fragment can access the field (method) - it could make the value (functionality) available to the other code that cannot access it.
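
The lookup and access steps discussed in this thread, as an added example (not code from any poster): it records what getField, getDeclaredField and setAccessible each do for a private field, and marks the call at which a security policy takes effect. The Customer class, its cardNumber field and the sample value are constructed for illustration.

```java
import java.lang.reflect.Field;

// Hypothetical class standing in for the Customer class mentioned in the thread.
class Customer {
    private String cardNumber = "constructed-sample-value";
}

public class ReflectionAccessDemo {

    // Reports what each lookup and access step does for a non-public field.
    static String probe(Object target, String name) {
        Class<?> cls = target.getClass();
        StringBuilder report = new StringBuilder();

        // getField() only returns public members, so a private field is not found.
        try {
            cls.getField(name);
            report.append("getField: found\n");
        } catch (NoSuchFieldException e) {
            report.append("getField: NoSuchFieldException\n");
        }

        try {
            // getDeclaredField() returns any field the class itself declares.
            Field f = cls.getDeclaredField(name);
            report.append("getDeclaredField: found\n");

            // The language access check still applies at this point.
            try {
                f.get(target);
                report.append("get before setAccessible: allowed\n");
            } catch (IllegalAccessException e) {
                report.append("get before setAccessible: IllegalAccessException\n");
            }

            // With a security manager installed, this call is checked against
            // ReflectPermission("suppressAccessChecks"); without one it succeeds.
            f.setAccessible(true);
            report.append("get after setAccessible: ").append(f.get(target)).append('\n');
        } catch (ReflectiveOperationException | SecurityException e) {
            report.append("denied: ").append(e).append('\n');
        }
        return report.toString();
    }

    public static void main(String[] args) {
        System.out.print(probe(new Customer(), "cardNumber"));
    }
}
```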