It seems that there is a bug in the Java Reflection class [
java.lang.reflect ] that will allow an illegal access permission to
private fields and methods.
For example, take a look at the code below:
------------------------------------------
public class Test
{
    // Private: normal Java access rules let only Test itself call this.
    private void f()
    {
        System.out.println("A private Method has been invoked from Test");
    }
}
------------------------------------------
By default there should be no way to invoke f2 from outside of this
class. But by using reflection and setting that method's accessibility to
true we can directly invoke that method, just like below:
------------------------------------------
import java.lang.reflect.*;

public class Main
{
    public static void main(String[] args)
    {
        access Access = new access();
        Access.r();
    }
}

class access
{
    public void r() {
        Class<?> x = Test.class;
        // Test declares a single method, so m[0] is the private f().
        Method[] m = x.getDeclaredMethods();
        try {
            m[0].setAccessible(true); // [*]
            // Explicit cast: pass "no arguments" without a varargs warning.
            m[0].invoke(new Test(), (Object[]) null);
            // C'est la vie!! we invoked a private method outside of the class!!
        } catch (Exception e) { e.printStackTrace(); }
    }
}
------------------------------------------
The result is:
run:
A private Method has been invoked from Test
* By removing this we get IllegalAccessException, which is normal, but
setting a private method accessible is a bug!
Oliver Wong - 26 Jun 2006 22:50 GMT
> It seems that there is a bug in the Java Reflection class [
> java.lang.reflect ] that will allow an illegal access permission to
[quoted text clipped - 52 lines]
> * By removing this we get IllegalAccessException, which is normal, but
> setting a private method accessible is a bug!
I think it's not a bug, it's a feature.
- Oliver
Chris Smith - 26 Jun 2006 23:55 GMT
> It seems that there is a bug in the Java Reflection class [
> java.lang.reflect ] that will allow an illegal access permission to
> private fields and methods.
Obviously it's not a bug. Bugs don't generally come with well-
documented APIs to enable them! :) This is integrated into the Java
security model, so that untrusted code will be unable to call
setAccessible and thus unable to call private methods. Among trusted
code, private field and method access is occasionally worthwhile, such
as when I want an ORM mapper to interact with my class without having to
expose setXXX methods for every field!

Chris Smith - Lead Software Developer / Technical Trainer
MindIQ Corporation
Chris Uppal - 27 Jun 2006 11:23 GMT
> * By removing this we get IllegalAccessException, which is normal, but
> setting a private method accessible is a bug!
Not a bug. Behaviour by design (and documented as such). If you want to
disallow such access, then set a suitable security policy (I forget the details
off-hand).
-- chris
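
The restriction the replies describe, as an added example that is not part of any post in this thread: `setAccessible(true)` asks the installed security manager for `ReflectPermission("suppressAccessChecks")`, so denying that one permission blocks the call from the first post. The class names `DenyReflectionDemo`, `Target` and `NoSuppressAccessChecks` are hypothetical, and the code assumes a JDK on which a security manager can still be installed at run time (JDK 17 or earlier; later releases restrict and then disable this API).

```java
import java.lang.reflect.Method;
import java.lang.reflect.ReflectPermission;
import java.security.Permission;

// Stand-in for the Test class in the first post (hypothetical name).
class Target {
    private void f() {
        System.out.println("private method invoked");
    }
}

public class DenyReflectionDemo {

    // Hypothetical manager: refuses only the permission that
    // setAccessible(true) checks, and allows everything else.
    static class NoSuppressAccessChecks extends SecurityManager {
        private static final Permission SUPPRESS =
                new ReflectPermission("suppressAccessChecks");

        @Override
        public void checkPermission(Permission perm) {
            if (SUPPRESS.equals(perm)) {
                throw new SecurityException("denied: " + perm.getName());
            }
        }
    }

    // Repeats the first post's call sequence and reports what happened.
    static String tryInvoke() {
        try {
            Method m = Target.class.getDeclaredMethod("f");
            m.setAccessible(true);   // the permission check happens here
            m.invoke(new Target());
            return "invoked";
        } catch (SecurityException e) {
            return "blocked: " + e.getMessage();
        } catch (ReflectiveOperationException e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        System.out.println("without manager: " + tryInvoke());
        // Assumption: this call is permitted on the JDK in use (see lead-in).
        System.setSecurityManager(new NoSuppressAccessChecks());
        System.out.println("with manager:    " + tryInvoke());
    }
}
```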