| Author |
Reflection use with private method
|
nitin pokhriyal
Ranch Hand
Joined: May 19, 2005
Posts: 263
|
|
if a private method of a class can be accessed by any other class by using reflection then what is the use of keeping a private method. Is there any way to protect your class so that even using reflection cannot access it?
Thanks in advance
|
 |
Rob Spoor
Sheriff
Joined: Oct 27, 2005
Posts: 19216
|
|
|
You can actually block access using security managers.
|
SCJP 1.4 - SCJP 6 - SCWCD 5
How To Ask Questions How To Answer Questions
|
|
Ernest Friedman-Hill
author and iconoclast
Marshal
Joined: Jul 08, 2003
Posts: 24041
|
|
First, you have to understand the difference between security and good software engineering practice. The first is something you try to lock down 100%. The latter is something you try to enforce, but people have legitimate reasons for getting around it in some cases. For example, "encapsulation" is good practice, but sometimes someone might need to hack a feature in under a tight deadline...
Second, note that although by default, you can access private members using reflection, a java.lang.SecurityManager can be installed in any JVM, and that security manager can block reflective access by policy. In a security-critical environment, this might be something you want to do.
|
[Jess in Action][AskingGoodQuestions]
|
|
Sebastian Janisch
Ranch Hand
Joined: Feb 23, 2009
Posts: 1183
|
|
If you have a private constructor for instance you could use:
|
JDBCSupport - An easy to use, light-weight JDBC framework -
|
|
nitin pokhriyal
Ranch Hand
Joined: May 19, 2005
Posts: 263
|
|
Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong
|
|
Rob Spoor
Sheriff
Joined: Oct 27, 2005
Posts: 19216
|
|
nitin pokhriyal wrote:fred
*looks at himself* nope, I definitely do not look like Fred Flintstone.
|
|
nitin pokhriyal
Ranch Hand
Joined: May 19, 2005
Posts: 263
|
|
|
I am really sorry Rob. My bad..
|
|
Rob Spoor
Sheriff
Joined: Oct 27, 2005
Posts: 19216
|
|
It's ok, it's quite normal to mistake us bartenders. Especially since Fred is so much more helpful than me 
|
|
nitin pokhriyal
Ranch Hand
Joined: May 19, 2005
Posts: 263
|
|
|
i have never seen so much quick response in any other forum even in ranch. I really appreciate your help
|
|
Sebastian Janisch
Ranch Hand
Joined: Feb 23, 2009
Posts: 1183
|
|
nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong
Yes if it's not the Constructor you want to protect then your best bet is the security Manager
|
|
R van Vliet
Ranch Hand
Joined: Nov 10, 2007
Posts: 144
|
|
Sebastian Janisch wrote:
nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong
Yes if it's not the Constructor you want to protect then your best bet is the security Manager
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :
After which you can invoke the private method. Bit silly.
|
|
Henry Wong
author
Sheriff
Joined: Sep 28, 2004
Posts: 16681
|
|
R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :
After which you can invoke the private method. Bit silly.
That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.
Henry
|
Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
|
|
R van Vliet
Ranch Hand
Joined: Nov 10, 2007
Posts: 144
|
|
Henry Wong wrote:
R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :
After which you can invoke the private method. Bit silly.
That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.
Henry
Yep, I know, that's exactly what I find slightly odd. Apparently the security manager by default does not allow invocation of reflected private methods, but it does allow me to tell it that it's wrong and override it's opinion on my private method access ;) Any SecurityManager implementation where setAccessible(true) succeeds shouldn't impose a limitation on invoking that method in the first place in my opinion.
I'm glad it works because we use it in our game server so we don't have to use a custom security manager but it is a little odd.
|
|
 |
|
|
subject: Reflection use with private method
|
|
|
0
