/* * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package java.lang.reflect; import java.lang.annotation.Annotation; import java.security.AccessController; import jdk.internal.misc.VM; import jdk.internal.reflect.CallerSensitive; import jdk.internal.reflect.Reflection; import jdk.internal.reflect.ReflectionFactory; import sun.security.action.GetPropertyAction; /** * The AccessibleObject class is the base class for Field, Method and * Constructor objects. It provides the ability to flag a reflected * object as suppressing default Java language access control checks * when it is used. The access checks -- module boundaries, * public, default (package) access, protected, and private members -- * are performed when Fields, Methods or Constructors are used to set * or get fields, to invoke methods or to create and initialize new * instances of classes, respectively. Unlike access control specified * in the The Java™ Language Specification and * The Java Virtual Machine Specification, access checks * with reflected objects assume {@link Module#canRead readability}. * *
Setting the {@code accessible} flag in a reflected object * permits sophisticated applications with sufficient privilege, such * as Java Object Serialization or other persistence mechanisms, to * manipulate objects in a manner that would normally be prohibited. * *
By default, a reflected object is not accessible. * * @see Field * @see Method * @see Constructor * @see ReflectPermission * * @since 1.2 */ public class AccessibleObject implements AnnotatedElement { /** * The Permission object that is used to check whether a client * has sufficient privilege to defeat Java language access * control checks. */ private static final java.security.Permission ACCESS_PERMISSION = new ReflectPermission("suppressAccessChecks"); static void checkPermission() { SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(ACCESS_PERMISSION); } /** * Convenience method to set the {@code accessible} flag for an * array of objects with a single security check (for efficiency). * *
This method cannot be used to enable access to an object that is a * {@link Member member} of a class in a different module to the caller and * where the class is in a package that is not exported to the caller's * module. Additionally, if the member is non-public or its declaring * class is non-public, then this method can only be used to enable access * if the package is {@link Module#isOpen(String,Module) open} to at least * the caller's module. * *
If there is a security manager, its * {@code checkPermission} method is first called with a * {@code ReflectPermission("suppressAccessChecks")} permission. * *
A {@code SecurityException} is also thrown if any of the elements of * the input {@code array} is a {@link java.lang.reflect.Constructor} * object for the class {@code java.lang.Class} and {@code flag} is true. * * @param array the array of AccessibleObjects * @param flag the new value for the {@code accessible} flag * in each object * @throws InaccessibleObjectException if access cannot be enabled * @throws SecurityException if the request is denied. * @see SecurityManager#checkPermission * @see ReflectPermission */ @CallerSensitive public static void setAccessible(AccessibleObject[] array, boolean flag) { checkPermission(); if (flag) { Class> caller = Reflection.getCallerClass(); array = array.clone(); for (AccessibleObject ao : array) { ao.checkCanSetAccessible(caller); } } for (AccessibleObject ao : array) { ao.setAccessible0(flag); } } /** * Set the {@code accessible} flag for this object to * the indicated boolean value. A value of {@code true} indicates that * the reflected object should suppress Java language access * checking when it is used. A value of {@code false} indicates * that the reflected object should enforce Java language access checks * while assuming readability (as noted in the class description). * *
This method cannot be used to enable access to an object that is a * {@link Member member} of a class in a different module to the caller and * where the class is in a package that is not exported to the caller's * module. Additionally, if the member is non-public or its declaring * class is non-public, then this method can only be used to enable access * if the package is {@link Module#isOpen(String,Module) open} to at least * the caller's module. * *
If there is a security manager, its
* {@code checkPermission} method is first called with a
* {@code ReflectPermission("suppressAccessChecks")} permission.
*
* @param flag the new value for the {@code accessible} flag
* @throws InaccessibleObjectException if access cannot be enabled
* @throws SecurityException if the request is denied
* @see SecurityManager#checkPermission
* @see ReflectPermission
* @see java.lang.invoke.MethodHandles#privateLookupIn
*/
public void setAccessible(boolean flag) {
AccessibleObject.checkPermission();
setAccessible0(flag);
}
void setAccessible0(boolean flag) {
this.override = flag;
}
/**
* If the given AccessibleObject is a {@code Constructor}, {@code Method}
* or {@code Field} then checks that its declaring class is in a package
* that can be accessed by the given caller of setAccessible.
*/
void checkCanSetAccessible(Class> caller) {
// do nothing, needs to be overridden by Constructor, Method, Field
}
void checkCanSetAccessible(Class> caller, Class> declaringClass) {
Module callerModule = caller.getModule();
Module declaringModule = declaringClass.getModule();
if (callerModule == declaringModule) return;
if (callerModule == Object.class.getModule()) return;
if (!declaringModule.isNamed()) return;
// package is open to caller
String pn = packageName(declaringClass);
if (declaringModule.isOpen(pn, callerModule)) {
printStackTraceIfOpenedReflectively(declaringModule, pn, callerModule);
return;
}
// package is exported to caller and class/member is public
boolean isExported = declaringModule.isExported(pn, callerModule);
boolean isClassPublic = Modifier.isPublic(declaringClass.getModifiers());
int modifiers;
if (this instanceof Executable) {
modifiers = ((Executable) this).getModifiers();
} else {
modifiers = ((Field) this).getModifiers();
}
boolean isMemberPublic = Modifier.isPublic(modifiers);
if (isExported && isClassPublic && isMemberPublic) {
printStackTraceIfExportedReflectively(declaringModule, pn, callerModule);
return;
}
// not accessible
String msg = "Unable to make ";
if (this instanceof Field)
msg += "field ";
msg += this + " accessible: " + declaringModule + " does not \"";
if (isClassPublic && isMemberPublic)
msg += "exports";
else
msg += "opens";
msg += " " + pn + "\" to " + callerModule;
InaccessibleObjectException e = new InaccessibleObjectException(msg);
if (Reflection.printStackTraceWhenAccessFails()) {
e.printStackTrace(System.err);
}
throw e;
}
private void printStackTraceIfOpenedReflectively(Module module,
String pn,
Module other) {
printStackTraceIfExposedReflectively(module, pn, other, true);
}
private void printStackTraceIfExportedReflectively(Module module,
String pn,
Module other) {
printStackTraceIfExposedReflectively(module, pn, other, false);
}
private static class WARNING extends Exception {
private static final long serialVersionUID = 42L;
private WARNING(String msg) {
super(msg);
}
public String toString() {
return "WARNING: " + getMessage();
}
}
private void printStackTraceIfExposedReflectively(Module module,
String pn,
Module other,
boolean open) {
if (Reflection.printStackTraceWhenAccessSucceeds()
&& !module.isStaticallyExportedOrOpen(pn, other, open)) {
String msg = other + " allowed to invoke setAccessible on ";
if (this instanceof Field)
msg += "field ";
msg += this;
new WARNING(msg).printStackTrace(System.err);
}
}
/**
* Returns the package name of the given class.
*/
private static String packageName(Class> c) {
while (c.isArray()) {
c = c.getComponentType();
}
String pn = c.getPackageName();
return (pn != null) ? pn : "";
}
/**
* Get the value of the {@code accessible} flag for this object.
*
* @return the value of the object's {@code accessible} flag
*/
public boolean isAccessible() {
return override;
}
/**
* Constructor: only used by the Java Virtual Machine.
*/
protected AccessibleObject() {}
// Indicates whether language-level access checks are overridden
// by this object. Initializes to "false". This field is used by
// Field, Method, and Constructor.
//
// NOTE: for security purposes, this field must not be visible
// outside this package.
boolean override;
// Reflection factory used by subclasses for creating field,
// method, and constructor accessors. Note that this is called
// very early in the bootstrapping process.
static final ReflectionFactory reflectionFactory =
AccessController.doPrivileged(
new ReflectionFactory.GetReflectionFactoryAction());
/**
* @throws NullPointerException {@inheritDoc}
* @since 1.5
*/
public