• Post Reply Bookmark Topic Watch Topic
  • New Topic

access private variable and methods from other class using reflection.  RSS feed

 
Ritesh raushan
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
we can also access private variable or method from other class using reflection. then how java is highly secured language.
 
Campbell Ritchie
Marshal
Posts: 55772
163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Because you can apply security managers to prevent people accessing private variables.

Access modifiers are not designed to assure security, but to impose encapsulation and data hiding, and to encourage good programming practice. You can of course apply bad programming practices if you wish.
Last year I showed our undergraduates my colour class, where you can increase the red component > 255, causing the colour to go green! I challenged them to work out how I created it, and nobody could. So I told them and was told, “but that’s cheating!”
“Of course it’s cheating. How do you think I could have done it without cheating?”
Using reflection out of its intended purpose is cheating.
 
Ritesh raushan
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Campbell Ritchie wrote:
Using reflection out of its intended purpose is cheating.



ok but already api given by sun ms and method for access fields and method then how cheating.
 
Winston Gutkowski
Bartender
Posts: 10573
65
Eclipse IDE Hibernate Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ritesh raushan wrote:ok but already api given by sun ms and method for access fields and method then how cheating.

Because it allows you to do things that the language didn't intend.

In my view, reflection in Java is an aberration. It operates totally outside the normal bounds of the language, so you need to understand that, quite apart from being complex, error-prone and SLOW, it is inherently unsafe.

There are a few (VERY few) things for which it is useful, but the chances of you running into them in your first couple of years of programming are almost nil. And if you ever find yourself wanting to use it, the first thing you should ask yourself is: Can I do this without reflection?

HIH

Winston
 
Campbell Ritchie
Marshal
Posts: 55772
163
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Isn’t reflection intended for IDE writing and similar?
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Campbell Ritchie wrote:Isn’t reflection intended for IDE writing and similar?


It's very handy for plugins (into an IDE or whatever), for JavaBean manipulation, for hooking in with scripting languages...
 
Winston Gutkowski
Bartender
Posts: 10573
65
Eclipse IDE Hibernate Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeff Verdegan wrote:It's very handy for plugins (into an IDE or whatever), for JavaBean manipulation, for hooking in with scripting languages...

Hmmm. An IDE I could see, because it needs to be introspective - and maybe some sort of Bean manager too; but couldn't plugins (if properly designed) be handled by dependency injection? Or indeed a custom ClassLoader?

Also, what's the chance of a question in the Beginners forum having to do with these sorts of things, which are pretty advanced? Seems much more likely to me that reflection is being used to save typing.

Winston
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Winston Gutkowski wrote:
Jeff Verdegan wrote:It's very handy for plugins (into an IDE or whatever), for JavaBean manipulation, for hooking in with scripting languages...

Hmmm. An IDE I could see, because it needs to be introspective - and maybe some sort of Bean manager too; but couldn't plugins (if properly designed) be handled by dependency injection?


DI definitely uses reflection.

Or indeed a custom ClassLoader?


For loading the classes, sure, but not for executing their methods.

Also, what's the chance of a question in the Beginners forum having to do with these sorts of things, which are pretty advanced? Seems much more likely to me that reflection is being used to save typing.


Fair point. I wasn't talking about the OP's use of it in this particular case, just addressing Campbell's comment, which I interpreted to be about its use in general.
 
Winston Gutkowski
Bartender
Posts: 10573
65
Eclipse IDE Hibernate Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeff Verdegan wrote:DI definitely uses reflection.

True, but from what I understand, frameworks like Guice use it only for instantiation, rather like the providers for things like JDBC. Everything else works through standard Java interfaces and classes.

However, it has to be said, I'm no expert; and I suspect there are lots of different "flavours" of DI.

Winston
 
Jesper de Jong
Java Cowboy
Sheriff
Posts: 16028
87
Android IntelliJ IDE Java Scala Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Reflection is a powerful thing, but it should really be used only for special cases, if there really is no other way to do things. Don't use reflection if you can solve your problem using normal language constructs.

Calling methods via reflection is relatively slow, it can prevent the JVM and JIT from performing certain optimizations, and it's not type-safe - type errors that you would normally catch at compile time won't be noticed until runtime.
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Winston Gutkowski wrote:
Jeff Verdegan wrote:DI definitely uses reflection.

True, but from what I understand, frameworks like Guice use it only for instantiation, rather like the providers for things like JDBC. Everything else works through standard Java interfaces and classes.

However, it has to be said, I'm no expert; and I suspect there are lots of different "flavours" of DI.

Winston


I can see 3 ways in which that could be true:

1. The authors of the DI frameworks know ahead of time what your beans' properties will be.

2. They don't call any setters at all, and all the DI properties are passed to the constructor. This isn't really any safer or simpler than reflectively invoking setters, IMHO.

3. The DI framework generates Java source code to invoke the setters as needed. If it's doing this, it should be able to generate code to just use the new operator as well, rather than even constructing objects reflectively.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!