jtulach@258: /* jtulach@258: * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved. jtulach@258: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. jtulach@258: * jtulach@258: * This code is free software; you can redistribute it and/or modify it jtulach@258: * under the terms of the GNU General Public License version 2 only, as jtulach@258: * published by the Free Software Foundation. Oracle designates this jtulach@258: * particular file as subject to the "Classpath" exception as provided jtulach@258: * by Oracle in the LICENSE file that accompanied this code. jtulach@258: * jtulach@258: * This code is distributed in the hope that it will be useful, but WITHOUT jtulach@258: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or jtulach@258: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License jtulach@258: * version 2 for more details (a copy is included in the LICENSE file that jtulach@258: * accompanied this code). jtulach@258: * jtulach@258: * You should have received a copy of the GNU General Public License version jtulach@258: * 2 along with this work; if not, write to the Free Software Foundation, jtulach@258: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. jtulach@258: * jtulach@258: * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA jtulach@258: * or visit www.oracle.com if you need additional information or have any jtulach@258: * questions. jtulach@258: */ jtulach@258: jtulach@258: package java.lang.reflect; jtulach@258: jtulach@258: import java.security.AccessController; jtulach@258: import sun.reflect.Reflection; jtulach@258: import sun.reflect.ReflectionFactory; jtulach@258: import java.lang.annotation.Annotation; jtulach@258: jtulach@258: /** jtulach@258: * The AccessibleObject class is the base class for Field, Method and jtulach@258: * Constructor objects. It provides the ability to flag a reflected jtulach@258: * object as suppressing default Java language access control checks jtulach@258: * when it is used. The access checks--for public, default (package) jtulach@258: * access, protected, and private members--are performed when Fields, jtulach@258: * Methods or Constructors are used to set or get fields, to invoke jtulach@258: * methods, or to create and initialize new instances of classes, jtulach@258: * respectively. jtulach@258: * jtulach@258: *
Setting the {@code accessible} flag in a reflected object jtulach@258: * permits sophisticated applications with sufficient privilege, such jtulach@258: * as Java Object Serialization or other persistence mechanisms, to jtulach@258: * manipulate objects in a manner that would normally be prohibited. jtulach@258: * jtulach@258: *
By default, a reflected object is not accessible. jtulach@258: * jtulach@258: * @see Field jtulach@258: * @see Method jtulach@258: * @see Constructor jtulach@258: * @see ReflectPermission jtulach@258: * jtulach@258: * @since 1.2 jtulach@258: */ jtulach@258: public class AccessibleObject implements AnnotatedElement { jtulach@258: jtulach@258: /** jtulach@258: * The Permission object that is used to check whether a client jtulach@258: * has sufficient privilege to defeat Java language access jtulach@258: * control checks. jtulach@258: */ jtulach@258: static final private java.security.Permission ACCESS_PERMISSION = jtulach@258: new ReflectPermission("suppressAccessChecks"); jtulach@258: jtulach@258: /** jtulach@258: * Convenience method to set the {@code accessible} flag for an jtulach@258: * array of objects with a single security check (for efficiency). jtulach@258: * jtulach@258: *
First, if there is a security manager, its jtulach@258: * {@code checkPermission} method is called with a jtulach@258: * {@code ReflectPermission("suppressAccessChecks")} permission. jtulach@258: * jtulach@258: *
A {@code SecurityException} is raised if {@code flag} is jtulach@258: * {@code true} but accessibility of any of the elements of the input jtulach@258: * {@code array} may not be changed (for example, if the element jtulach@258: * object is a {@link Constructor} object for the class {@link jtulach@258: * java.lang.Class}). In the event of such a SecurityException, the jtulach@258: * accessibility of objects is set to {@code flag} for array elements jtulach@258: * upto (and excluding) the element for which the exception occurred; the jtulach@258: * accessibility of elements beyond (and including) the element for which jtulach@258: * the exception occurred is unchanged. jtulach@258: * jtulach@258: * @param array the array of AccessibleObjects jtulach@258: * @param flag the new value for the {@code accessible} flag jtulach@258: * in each object jtulach@258: * @throws SecurityException if the request is denied. jtulach@258: * @see SecurityManager#checkPermission jtulach@258: * @see java.lang.RuntimePermission jtulach@258: */ jtulach@258: public static void setAccessible(AccessibleObject[] array, boolean flag) jtulach@258: throws SecurityException { jtulach@258: SecurityManager sm = System.getSecurityManager(); jtulach@258: if (sm != null) sm.checkPermission(ACCESS_PERMISSION); jtulach@258: for (int i = 0; i < array.length; i++) { jtulach@258: setAccessible0(array[i], flag); jtulach@258: } jtulach@258: } jtulach@258: jtulach@258: /** jtulach@258: * Set the {@code accessible} flag for this object to jtulach@258: * the indicated boolean value. A value of {@code true} indicates that jtulach@258: * the reflected object should suppress Java language access jtulach@258: * checking when it is used. A value of {@code false} indicates jtulach@258: * that the reflected object should enforce Java language access checks. jtulach@258: * jtulach@258: *
First, if there is a security manager, its jtulach@258: * {@code checkPermission} method is called with a jtulach@258: * {@code ReflectPermission("suppressAccessChecks")} permission. jtulach@258: * jtulach@258: *
A {@code SecurityException} is raised if {@code flag} is jtulach@258: * {@code true} but accessibility of this object may not be changed jtulach@258: * (for example, if this element object is a {@link Constructor} object for jtulach@258: * the class {@link java.lang.Class}). jtulach@258: * jtulach@258: *
A {@code SecurityException} is raised if this object is a {@link
jtulach@258: * java.lang.reflect.Constructor} object for the class
jtulach@258: * {@code java.lang.Class}, and {@code flag} is true.
jtulach@258: *
jtulach@258: * @param flag the new value for the {@code accessible} flag
jtulach@258: * @throws SecurityException if the request is denied.
jtulach@258: * @see SecurityManager#checkPermission
jtulach@258: * @see java.lang.RuntimePermission
jtulach@258: */
jtulach@258: public void setAccessible(boolean flag) throws SecurityException {
jtulach@258: SecurityManager sm = System.getSecurityManager();
jtulach@258: if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
jtulach@258: setAccessible0(this, flag);
jtulach@258: }
jtulach@258:
jtulach@258: /* Check that you aren't exposing java.lang.Class.