aspose file tools*
The moose likes Java in General and the fly likes Reflection use with private method Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "Reflection use with private method" Watch "Reflection use with private method" New topic
Author

Reflection use with private method

nitin pokhriyal
Ranch Hand

Joined: May 19, 2005
Posts: 263
if a private method of a class can be accessed by any other class by using reflection then what is the use of keeping a private method. Is there any way to protect your class so that even using reflection cannot access it?

Thanks in advance
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19792
    
  20

You can actually block access using security managers.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24187
    
  34

First, you have to understand the difference between security and good software engineering practice. The first is something you try to lock down 100%. The latter is something you try to enforce, but people have legitimate reasons for getting around it in some cases. For example, "encapsulation" is good practice, but sometimes someone might need to hack a feature in under a tight deadline...

Second, note that although by default, you can access private members using reflection, a java.lang.SecurityManager can be installed in any JVM, and that security manager can block reflective access by policy. In a security-critical environment, this might be something you want to do.


[Jess in Action][AskingGoodQuestions]
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
If you have a private constructor for instance you could use:




JDBCSupport - An easy to use, light-weight JDBC framework -
nitin pokhriyal
Ranch Hand

Joined: May 19, 2005
Posts: 263
Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19792
    
  20

nitin pokhriyal wrote:fred

*looks at himself* nope, I definitely do not look like Fred Flintstone.
nitin pokhriyal
Ranch Hand

Joined: May 19, 2005
Posts: 263
I am really sorry Rob. My bad..
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19792
    
  20

It's ok, it's quite normal to mistake us bartenders. Especially since Fred is so much more helpful than me
nitin pokhriyal
Ranch Hand

Joined: May 19, 2005
Posts: 263
i have never seen so much quick response in any other forum even in ranch. I really appreciate your help
Sebastian Janisch
Ranch Hand

Joined: Feb 23, 2009
Posts: 1183
nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong


Yes if it's not the Constructor you want to protect then your best bet is the security Manager
R van Vliet
Ranch Hand

Joined: Nov 10, 2007
Posts: 144
Sebastian Janisch wrote:
nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong


Yes if it's not the Constructor you want to protect then your best bet is the security Manager


It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 19073
    
  40

R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.


That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
R van Vliet
Ranch Hand

Joined: Nov 10, 2007
Posts: 144
Henry Wong wrote:
R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.


That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.

Henry


Yep, I know, that's exactly what I find slightly odd. Apparently the security manager by default does not allow invocation of reflected private methods, but it does allow me to tell it that it's wrong and override it's opinion on my private method access ;) Any SecurityManager implementation where setAccessible(true) succeeds shouldn't impose a limitation on invoking that method in the first place in my opinion.

I'm glad it works because we use it in our game server so we don't have to use a custom security manager but it is a little odd.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Reflection use with private method