Hi. I have a theoretical problem here. Is it possible for a class to impersonate its identity? E.g. Class A attempts to access Class B methods. Class B methods use a getClass().getName(); method to attempt to check Class A to ensure it is who it is. Can impersonation take place? E.g. Class C impersonates Class A to get past the getClass().getName(); Class B uses for checks?
If Class B wants to implement getClass().getName() for checks effective on the sample method below, how do I implement it properly in the sample code below?
The above example is a simulation of a plugin applet in the system trying to access an internal key server database in the system.
Steven van der Baan
posted 5 years ago
To answer your first question:
It is possible to do impersonation. This is a 'flaw' from the classloader. If I create another Class A which has the same FQN as the one that you are referring to, and I load mine before all your Classes (A and B), your A class will not be loaded due to the fact that the classloader already has a class named 'Class A'. If your Class B then checks the FQN, it can't determine if it is the Class A it requires like in your example, or the one that I loaded first, and in your example I would get access to the private key.
A possible method to avoid it is to not just rely on the name, but also use a method inside the Class A which returns a specific value you expect. This will prevent me from extending your Class A and using the same name.
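
The name-only check discussed in this thread, set beside a comparison of the Class object itself, as an added example that is not part of the original posts. `CallerCheckDemo` and `PluginA` are hypothetical names, the second class loader stands in for a separately loaded plugin, and the code assumes it is compiled with `javac` and run from a class directory or jar.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.security.CodeSource;

public class CallerCheckDemo {
    /** Hypothetical stand-in for the "Class A" that Class B is willing to serve. */
    public static class PluginA {
        public PluginA() {}
    }

    /** Check from the question: compares only the fully qualified name. */
    static boolean admitByName(Object caller) {
        return PluginA.class.getName().equals(caller.getClass().getName());
    }

    /** Compares the Class object itself, which the JVM keys on name plus defining loader. */
    static boolean admitByIdentity(Object caller) {
        return caller.getClass() == PluginA.class;
    }

    /** Loads a second class with the same name through an unrelated loader and instantiates it. */
    static Object sameNameFromOtherLoader() throws Exception {
        CodeSource src = CallerCheckDemo.class.getProtectionDomain().getCodeSource();
        if (src == null || src.getLocation() == null) {
            throw new IllegalStateException("run from a compiled class directory or jar");
        }
        // Parent is null, so this loader defines its own copy instead of delegating.
        try (URLClassLoader other = new URLClassLoader(new URL[] { src.getLocation() }, null)) {
            Class<?> copy = other.loadClass(PluginA.class.getName());
            return copy.getDeclaredConstructor().newInstance();
        }
    }

    public static void main(String[] args) throws Exception {
        Object genuine = new PluginA();
        Object lookalike = sameNameFromOtherLoader();
        for (Object caller : new Object[] { genuine, lookalike }) {
            System.out.printf("%s loader=%s byName=%b byIdentity=%b%n",
                    caller.getClass().getName(), caller.getClass().getClassLoader(),
                    admitByName(caller), admitByIdentity(caller));
        }
    }
}
```

Both objects report the same class name, so `admitByName` accepts both, while `admitByIdentity` accepts only the instance defined by Class B's own loader.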