Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4157089

Fields that could use AccessibleObject.setAccessible() cannot be created.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not an Issue
    • Icon: P3 P3
    • None
    • 1.2.0
    • core-libs
    • generic
    • generic


      allan.jacobs@Eng 1998-07-14

      The comments for AccessibleObject say that access checks are supposed to be made
      when Fields, Methods, or Constructors are used.
      /**
       * The AccessibleObject class is the base class for Field, Method and
       * Constructor objects. It provides the ability to flag a reflected
       * object as suppressing default Java language access control checks
       * when it is used. The access checks--for public, default (package)
       * access, protected, and private members--are performed when Fields,
       * Methods or Constructors are used to set or get fields, to invoke
       * methods, or to create and initialize new instances of classes,
       * respectively.
       *
       * <p>Setting the <tt>accessible</tt> flag in a reflected object
       * permits sophisticated applications with sufficient privilege, such
       * as Java Object Serialization or other persistence mechanisms, to
       * manipulate objects in a manner that would normally be prohibited.
       *
       * @see Field
       * @see Method
       * @see Constructor
       * @see ReflectPermission
       *
       * @since JDK1.2
       */


      The routines that an application code can use to actually obtain Fields, Methods,
      or Constructors are in java.lang.Class. Each of them does an access check that
      will not allow the caller access to non-public members.
          /**
           * Returns a Field object that reflects the specified public
           * member field of the class or interface represented by
           * this Class object. The name parameter is a String specifying
           * the simple name of the desired field.
           *
           * <p>The field to be reflected is located by searching all the
           * member fields of the class or interface represented by this
           * Class object for a public field with the specified name.
           *
           * <p>See <em>The Java Language Specification</em>, sections 8.2 and 8.3.
           *
           * @exception NoSuchFieldException if a field with the specified name is
           * not found.
           * @exception SecurityException if access to the information is denied.
           * @see java.lang.reflect.Field
           * @since JDK1.1
           */
          public Field getField(String name)
          throws NoSuchFieldException, SecurityException {
          checkMemberAccess(Member.PUBLIC);
          return getField0(name, Member.PUBLIC);
          }

      Consequently, it is impossible to generate a Field, Method, or Constructor object that
      can actually make use of the setAccessible method.

      A short test code is attached that attempts to use of the setAccessible method. It sets
      up a number of classes (S01, S02, S03, and S04) that possess the fields that the class
      L01 wants to reflect. An interface is used, so that S01, S02, S03, and S04 instances
      are the one's doing the accessibility setting. This is my interpretation of the
      cryptic comment in java/lang/reflect/AccessibleObject.java about "sophisticated applications
      with sufficient privilege" -- I may be wrong on this point.

      Also attached is a script X.ksh that compiles and runs the attached source code.
      Running it shows that all attempts to create Fields corresponding to non-public
      fields fail.

      algol% uname -a
      SunOS algol 5.6 Generic sun4u sparc SUNW,Ultra-1
      algol% X.ksh
      /net/mulder.eng/export/mulder3/jdk12x/sparc/jdk12/bin/java
      java full version "JDK-1.2beta4-J"
      Invoking class
      S01.f01: java.lang.NoSuchFieldException: f01
      S01.f02: java.lang.NoSuchFieldException: f02
      S01.f03: java.lang.NoSuchFieldException: f03
      S01.f04:
        name= f04
        type= int
        value= 4
      Superclass of invoking class
      S02.f01: java.lang.NoSuchFieldException: f01
      S02.f02: java.lang.NoSuchFieldException: f02
      S02.f03: java.lang.NoSuchFieldException: f03
      S02.f04:
        name= f04
        type= int
        value= 8
      Another class
      S01.s03:
        name= s03
        type= class P01.S03
        value=P01.S03@37158231
      S03.f01: java.lang.NoSuchFieldException: f01
      S03.f32: java.lang.NoSuchFieldException: f02
      S03.f03: java.lang.NoSuchFieldException: f03
      S03.f04:
        name= f04
        type= int
        value= 12
      Another non-public class
      S01.s04:
        name= s04
        type= class P01.S04
        value=P01.S04@35418231
      S04.f01: java.lang.NoSuchFieldException: f01
      S04.f02: java.lang.NoSuchFieldException: f02
      S04.f03: java.lang.NoSuchFieldException: f03
      S04.f04:
        name= f04
        type= int
        value= 16

            ajacobssunw Allan Jacobs (Inactive)
            ajacobssunw Allan Jacobs (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: