• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Tim Cooke
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Frank Carver
  • Henry Wong
  • Ron McLeod
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Himai Minh

Reflection use with private method

 
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
if a private method of a class can be accessed by any other class by using reflection then what is the use of keeping a private method. Is there any way to protect your class so that even using reflection cannot access it?

Thanks in advance
 
Sheriff
Posts: 22683
128
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can actually block access using security managers.
 
author and iconoclast
Posts: 24204
44
Mac OS X Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First, you have to understand the difference between security and good software engineering practice. The first is something you try to lock down 100%. The latter is something you try to enforce, but people have legitimate reasons for getting around it in some cases. For example, "encapsulation" is good practice, but sometimes someone might need to hack a feature in under a tight deadline...

Second, note that although by default, you can access private members using reflection, a java.lang.SecurityManager can be installed in any JVM, and that security manager can block reflective access by policy. In a security-critical environment, this might be something you want to do.
 
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you have a private constructor for instance you could use:



 
nitin pokhriyal
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong
 
Rob Spoor
Sheriff
Posts: 22683
128
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

nitin pokhriyal wrote:fred


*looks at himself* nope, I definitely do not look like Fred Flintstone.
 
nitin pokhriyal
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am really sorry Rob. My bad..
 
Rob Spoor
Sheriff
Posts: 22683
128
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's ok, it's quite normal to mistake us bartenders. Especially since Fred is so much more helpful than me
 
nitin pokhriyal
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i have never seen so much quick response in any other forum even in ranch. I really appreciate your help
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong



Yes if it's not the Constructor you want to protect then your best bet is the security Manager
 
Ranch Hand
Posts: 144
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sebastian Janisch wrote:

nitin pokhriyal wrote:Thanks to three of you.
I think ernest and fred were right about security manager but Sebastian i asked about only accessing private method security not about securing my class. so your solution doesn't seems to be working in this case. correct me if i am wrong



Yes if it's not the Constructor you want to protect then your best bet is the security Manager



It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.
 
author
Posts: 23928
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.



That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.

Henry
 
R van Vliet
Ranch Hand
Posts: 144
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Henry Wong wrote:

R van Vliet wrote:
It is a little odd. By default you cannot actually invoke private methods using the default security manager. But then it does allow :


After which you can invoke the private method. Bit silly.



That's how (or more correctly, when) the security manager is called. The setAccessible() method is the method that invokes the check with the security manager.

Henry



Yep, I know, that's exactly what I find slightly odd. Apparently the security manager by default does not allow invocation of reflected private methods, but it does allow me to tell it that it's wrong and override it's opinion on my private method access ;) Any SecurityManager implementation where setAccessible(true) succeeds shouldn't impose a limitation on invoking that method in the first place in my opinion.

I'm glad it works because we use it in our game server so we don't have to use a custom security manager but it is a little odd.
reply
    Bookmark Topic Watch Topic
  • New Topic