1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184
/* * @(#)AccessibleObject.java 1.29 06/07/11 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.lang.reflect; import java.security.AccessController; import sun.reflect.ReflectionFactory; import java.lang.annotation.Annotation; /** * The AccessibleObject class is the base class for Field, Method and * Constructor objects. It provides the ability to flag a reflected * object as suppressing default Java language access control checks * when it is used. The access checks--for public, default (package) * access, protected, and private members--are performed when Fields, * Methods or Constructors are used to set or get fields, to invoke * methods, or to create and initialize new instances of classes, * respectively. * * <p>Setting the <tt>accessible</tt> flag in a reflected object * permits sophisticated applications with sufficient privilege, such * as Java Object Serialization or other persistence mechanisms, to * manipulate objects in a manner that would normally be prohibited. * * @see Field * @see Method * @see Constructor * @see ReflectPermission * * @since 1.2 */ public class AccessibleObject implements AnnotatedElement { /** * The Permission object that is used to check whether a client * has sufficient privilege to defeat Java language access * control checks. */ static final private java.security.Permission ACCESS_PERMISSION = new ReflectPermission("suppressAccessChecks"); /** * Convenience method to set the <tt>accessible</tt> flag for an * array of objects with a single security check (for efficiency). * * <p>First, if there is a security manager, its * <code>checkPermission</code> method is called with a * <code>ReflectPermission("suppressAccessChecks")</code> permission. * * <p>A <code>SecurityException</code> is raised if <code>flag</code> is * <code>true</code> but accessibility of any of the elements of the input * <code>array</code> may not be changed (for example, if the element * object is a {@link Constructor} object for the class {@link * java.lang.Class}). In the event of such a SecurityException, the * accessibility of objects is set to <code>flag</code> for array elements * upto (and excluding) the element for which the exception occurred; the * accessibility of elements beyond (and including) the element for which * the exception occurred is unchanged. * * @param array the array of AccessibleObjects * @param flag the new value for the <tt>accessible</tt> flag * in each object * @throws SecurityException if the request is denied. * @see SecurityManager#checkPermission * @see java.lang.RuntimePermission */ public static void setAccessible(AccessibleObject[] array, boolean flag) throws SecurityException { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(ACCESS_PERMISSION); for (int i = 0; i < array.length; i++) { setAccessible0(array[i], flag); } } /** * Set the <tt>accessible</tt> flag for this object to * the indicated boolean value. A value of <tt>true</tt> indicates that * the reflected object should suppress Java language access * checking when it is used. A value of <tt>false</tt> indicates * that the reflected object should enforce Java language access checks. * * <p>First, if there is a security manager, its * <code>checkPermission</code> method is called with a * <code>ReflectPermission("suppressAccessChecks")</code> permission. * * <p>A <code>SecurityException</code> is raised if <code>flag</code> is * <code>true</code> but accessibility of this object may not be changed * (for example, if this element object is a {@link Constructor} object for * the class {@link java.lang.Class}). * * <p>A <code>SecurityException</code> is raised if this object is a {@link * java.lang.reflect.Constructor} object for the class * <code>java.lang.Class</code>, and <code>flag</code> is true. * * @param flag the new value for the <tt>accessible</tt> flag * @throws SecurityException if the request is denied. * @see SecurityManager#checkPermission * @see java.lang.RuntimePermission */ public void setAccessible(boolean flag) throws SecurityException { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(ACCESS_PERMISSION); setAccessible0(this, flag); } /* Check that you aren't exposing java.lang.Class.<init>. */ private static void setAccessible0(AccessibleObject obj, boolean flag) throws SecurityException { if (obj instanceof Constructor && flag == true) { Constructor c = (Constructor)obj; if (c.getDeclaringClass() == Class.class) { throw new SecurityException("Can not make a java.lang.Class" + " constructor accessible"); } } obj.override = flag; } /** * Get the value of the <tt>accessible</tt> flag for this object. * * @return the value of the object's <tt>accessible</tt> flag */ public boolean isAccessible() { return override; } /** * Constructor: only used by the Java Virtual Machine. */ protected AccessibleObject() {} // Indicates whether language-level access checks are overridden // by this object. Initializes to "false". This field is used by // Field, Method, and Constructor. // // NOTE: for security purposes, this field must not be visible // outside this package. boolean override; // Reflection factory used by subclasses for creating field, // method, and constructor accessors. Note that this is called // very early in the bootstrapping process. static final ReflectionFactory reflectionFactory = (ReflectionFactory) AccessController.doPrivileged (new sun.reflect.ReflectionFactory.GetReflectionFactoryAction()); /** * @throws NullPointerException {@inheritDoc} * @since 1.5 */ public <T extends Annotation> T getAnnotation(Class<T> annotationClass) { throw new AssertionError("All subclasses should override this method"); } /** * @throws NullPointerException {@inheritDoc} * @since 1.5 */ public boolean isAnnotationPresent( Class<? extends Annotation> annotationClass) { return getAnnotation(annotationClass) != null; } /** * @since 1.5 */ public Annotation[] getAnnotations() { return getDeclaredAnnotations(); } /** * @since 1.5 */ public Annotation[] getDeclaredAnnotations() { throw new AssertionError("All subclasses should override this method"); } }