1 /*
   2  * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang.reflect;
  27 
  28 import java.lang.annotation.Annotation;
  29 import java.security.AccessController;
  30 
  31 import jdk.internal.misc.VM;
  32 import jdk.internal.module.IllegalAccessLogger;
  33 import jdk.internal.reflect.CallerSensitive;
  34 import jdk.internal.reflect.Reflection;
  35 import jdk.internal.reflect.ReflectionFactory;
  36 import sun.security.action.GetPropertyAction;
  37 
  38 /**
  39  * The {@code AccessibleObject} class is the base class for {@code Field},
  40  * {@code Method}, and {@code Constructor} objects (known as <em>reflected
  41  * objects</em>). It provides the ability to flag a reflected object as
  42  * suppressing checks for Java language access control when it is used. This
  43  * permits sophisticated applications with sufficient privilege, such as Java
  44  * Object Serialization or other persistence mechanisms, to manipulate objects
  45  * in a manner that would normally be prohibited.
  46  *
  47  * <p> Java language access control prevents use of private members outside
  48  * their class; package access members outside their package; protected members
  49  * outside their package or subclasses; and public members outside their
  50  * module unless they are declared in an {@link Module#isExported(String,Module)
  51  * exported} package and the user {@link Module#canRead reads} their module. By
  52  * default, Java language access control is enforced (with one variation) when
  53  * {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
  54  * set fields, to invoke methods, or to create and initialize new instances of
  55  * classes, respectively. Every reflected object checks that the code using it
  56  * is in an appropriate class, package, or module. </p>
  57  *
  58  * <p> The one variation from Java language access control is that the checks
  59  * by reflected objects assume readability. That is, the module containing
  60  * the use of a reflected object is assumed to read the module in which
  61  * the underlying field, method, or constructor is declared. </p>
  62  *
  63  * <p> Whether the checks for Java language access control can be suppressed
  64  * (and thus, whether access can be enabled) depends on whether the reflected
  65  * object corresponds to a member in an exported or open package
  66  * (see {@link #setAccessible(boolean)}). </p>
  67  *
  68  * @jls 6.6 Access Control
  69  * @since 1.2
  70  * @revised 9
  71  * @spec JPMS
  72  */
  73 public class AccessibleObject implements AnnotatedElement {
  74 
  75     /**
  76      * The Permission object that is used to check whether a client
  77      * has sufficient privilege to defeat Java language access
  78      * control checks.
  79      */
  80     private static final java.security.Permission ACCESS_PERMISSION =
  81         new ReflectPermission("suppressAccessChecks");
  82 
  83     static void checkPermission() {
  84         SecurityManager sm = System.getSecurityManager();
  85         if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
  86     }
  87 
  88     /**
  89      * Convenience method to set the {@code accessible} flag for an
  90      * array of reflected objects with a single security check (for efficiency).
  91      *
  92      * <p> This method may be used to enable access to all reflected objects in
  93      * the array when access to each reflected object can be enabled as
  94      * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
  95      *
  96      * <p>If there is a security manager, its
  97      * {@code checkPermission} method is first called with a
  98      * {@code ReflectPermission("suppressAccessChecks")} permission.
  99      *
 100      * <p>A {@code SecurityException} is also thrown if any of the elements of
 101      * the input {@code array} is a {@link java.lang.reflect.Constructor}
 102      * object for the class {@code java.lang.Class} and {@code flag} is true.
 103      *
 104      * @param array the array of AccessibleObjects
 105      * @param flag  the new value for the {@code accessible} flag
 106      *              in each object
 107      * @throws InaccessibleObjectException if access cannot be enabled for all
 108      *         objects in the array
 109      * @throws SecurityException if the request is denied by the security manager
 110      *         or an element in the array is a constructor for {@code
 111      *         java.lang.Class}
 112      * @see SecurityManager#checkPermission
 113      * @see ReflectPermission
 114      * @revised 9
 115      * @spec JPMS
 116      */
 117     @CallerSensitive
 118     public static void setAccessible(AccessibleObject[] array, boolean flag) {
 119         checkPermission();
 120         if (flag) {
 121             Class<?> caller = Reflection.getCallerClass();
 122             array = array.clone();
 123             for (AccessibleObject ao : array) {
 124                 ao.checkCanSetAccessible(caller);
 125             }
 126         }
 127         for (AccessibleObject ao : array) {
 128             ao.setAccessible0(flag);
 129         }
 130     }
 131 
 132     /**
 133      * Set the {@code accessible} flag for this reflected object to
 134      * the indicated boolean value.  A value of {@code true} indicates that
 135      * the reflected object should suppress checks for Java language access
 136      * control when it is used. A value of {@code false} indicates that
 137      * the reflected object should enforce checks for Java language access
 138      * control when it is used, with the variation noted in the class description.
 139      *
 140      * <p> This method may be used by a caller in class {@code C} to enable
 141      * access to a {@link Member member} of {@link Member#getDeclaringClass()
 142      * declaring class} {@code D} if any of the following hold: </p>
 143      *
 144      * <ul>
 145      *     <li> {@code C} and {@code D} are in the same module. </li>
 146      *
 147      *     <li> The member is {@code public} and {@code D} is {@code public} in
 148      *     a package that the module containing {@code D} {@link
 149      *     Module#isExported(String,Module) exports} to at least the module
 150      *     containing {@code C}. </li>
 151      *
 152      *     <li> The member is {@code protected} {@code static}, {@code D} is
 153      *     {@code public} in a package that the module containing {@code D}
 154      *     exports to at least the module containing {@code C}, and {@code C}
 155      *     is a subclass of {@code D}. </li>
 156      *
 157      *     <li> {@code D} is in a package that the module containing {@code D}
 158      *     {@link Module#isOpen(String,Module) opens} to at least the module
 159      *     containing {@code C}.
 160      *     All packages in unnamed and open modules are open to all modules and
 161      *     so this method always succeeds when {@code D} is in an unnamed or
 162      *     open module. </li>
 163      * </ul>
 164      *
 165      * <p> This method cannot be used to enable access to private members,
 166      * members with default (package) access, protected instance members, or
 167      * protected constructors when the declaring class is in a different module
 168      * to the caller and the package containing the declaring class is not open
 169      * to the caller's module. </p>
 170      *
 171      * <p> If there is a security manager, its
 172      * {@code checkPermission} method is first called with a
 173      * {@code ReflectPermission("suppressAccessChecks")} permission.
 174      *
 175      * @param flag the new value for the {@code accessible} flag
 176      * @throws InaccessibleObjectException if access cannot be enabled
 177      * @throws SecurityException if the request is denied by the security manager
 178      * @see #trySetAccessible
 179      * @see java.lang.invoke.MethodHandles#privateLookupIn
 180      * @revised 9
 181      * @spec JPMS
 182      */
 183     public void setAccessible(boolean flag) {
 184         AccessibleObject.checkPermission();
 185         setAccessible0(flag);
 186     }
 187 
 188     /**
 189      * Sets the accessible flag and returns the new value
 190      */
 191     boolean setAccessible0(boolean flag) {
 192         this.override = flag;
 193         return flag;
 194     }
 195 
 196     /**
 197      * Set the {@code accessible} flag for this reflected object to {@code true}
 198      * if possible. This method sets the {@code accessible} flag, as if by
 199      * invoking {@link #setAccessible(boolean) setAccessible(true)}, and returns
 200      * the possibly-updated value for the {@code accessible} flag. If access
 201      * cannot be enabled, i.e. the checks or Java language access control cannot
 202      * be suppressed, this method returns {@code false} (as opposed to {@code
 203      * setAccessible(true)} throwing {@code InaccessibleObjectException} when
 204      * it fails).
 205      *
 206      * <p> This method is a no-op if the {@code accessible} flag for
 207      * this reflected object is {@code true}.
 208      *
 209      * <p> For example, a caller can invoke {@code trySetAccessible}
 210      * on a {@code Method} object for a private instance method
 211      * {@code p.T::privateMethod} to suppress the checks for Java language access
 212      * control when the {@code Method} is invoked.
 213      * If {@code p.T} class is in a different module to the caller and
 214      * package {@code p} is open to at least the caller's module,
 215      * the code below successfully sets the {@code accessible} flag
 216      * to {@code true}.
 217      *
 218      * <pre>
 219      * {@code
 220      *     p.T obj = ....;  // instance of p.T
 221      *     :
 222      *     Method m = p.T.class.getDeclaredMethod("privateMethod");
 223      *     if (m.trySetAccessible()) {
 224      *         m.invoke(obj);
 225      *     } else {
 226      *         // package p is not opened to the caller to access private member of T
 227      *         ...
 228      *     }
 229      * }</pre>
 230      *
 231      * <p> If there is a security manager, its {@code checkPermission} method
 232      * is first called with a {@code ReflectPermission("suppressAccessChecks")}
 233      * permission. </p>
 234      *
 235      * @return {@code true} if the {@code accessible} flag is set to {@code true};
 236      *         {@code false} if access cannot be enabled.
 237      * @throws SecurityException if the request is denied by the security manager
 238      *
 239      * @since 9
 240      * @spec JPMS
 241      * @see java.lang.invoke.MethodHandles#privateLookupIn
 242      */
 243     @CallerSensitive
 244     public final boolean trySetAccessible() {
 245         AccessibleObject.checkPermission();
 246 
 247         if (override == true) return true;
 248 
 249         // if it's not a Constructor, Method, Field then no access check
 250         if (!Member.class.isInstance(this)) {
 251             return setAccessible0(true);
 252         }
 253 
 254         // does not allow to suppress access check for Class's constructor
 255         Class<?> declaringClass = ((Member) this).getDeclaringClass();
 256         if (declaringClass == Class.class && this instanceof Constructor) {
 257             return false;
 258         }
 259 
 260         if (checkCanSetAccessible(Reflection.getCallerClass(),
 261                                   declaringClass,
 262                                   false)) {
 263             return setAccessible0(true);
 264         } else {
 265             return false;
 266         }
 267     }
 268 
 269 
 270    /**
 271     * If the given AccessibleObject is a {@code Constructor}, {@code Method}
 272     * or {@code Field} then checks that its declaring class is in a package
 273     * that can be accessed by the given caller of setAccessible.
 274     */
 275     void checkCanSetAccessible(Class<?> caller) {
 276         // do nothing, needs to be overridden by Constructor, Method, Field
 277     }
 278 
 279 
 280     void checkCanSetAccessible(Class<?> caller, Class<?> declaringClass) {
 281         checkCanSetAccessible(caller, declaringClass, true);
 282     }
 283 
 284     private boolean checkCanSetAccessible(Class<?> caller,
 285                                           Class<?> declaringClass,
 286                                           boolean throwExceptionIfDenied) {
 287         int modifiers;
 288         if (this instanceof Executable) {
 289             modifiers = ((Executable) this).getModifiers();
 290         } else {
 291             modifiers = ((Field) this).getModifiers();
 292         }
 293 
 294         // does not allow to suppress access check for Value class's
 295         // constructor or field
 296         if (declaringClass.isValue()) {
 297             if (this instanceof Constructor) return false;
 298             if (this instanceof Field && Modifier.isFinal(modifiers)) return false;
 299         }
 300 
 301         Module callerModule = caller.getModule();
 302         Module declaringModule = declaringClass.getModule();
 303 
 304         if (callerModule == declaringModule) return true;
 305         if (callerModule == Object.class.getModule()) return true;
 306         if (!declaringModule.isNamed()) return true;
 307 
 308         // class is public and package is exported to caller
 309         boolean isClassPublic = Modifier.isPublic(declaringClass.getModifiers());
 310         String pn = declaringClass.getPackageName();
 311         if (isClassPublic && declaringModule.isExported(pn, callerModule)) {
 312             // member is public
 313             if (Modifier.isPublic(modifiers)) {
 314                 logIfExportedForIllegalAccess(caller, declaringClass);
 315                 return true;
 316             }
 317 
 318             // member is protected-static
 319             if (Modifier.isProtected(modifiers)
 320                 && Modifier.isStatic(modifiers)
 321                 && isSubclassOf(caller, declaringClass)) {
 322                 logIfExportedForIllegalAccess(caller, declaringClass);
 323                 return true;
 324             }
 325         }
 326 
 327         // package is open to caller
 328         if (declaringModule.isOpen(pn, callerModule)) {
 329             logIfOpenedForIllegalAccess(caller, declaringClass);
 330             return true;
 331         }
 332 
 333         if (throwExceptionIfDenied) {
 334             // not accessible
 335             String msg = "Unable to make ";
 336             if (this instanceof Field)
 337                 msg += "field ";
 338             msg += this + " accessible: " + declaringModule + " does not \"";
 339             if (isClassPublic && Modifier.isPublic(modifiers))
 340                 msg += "exports";
 341             else
 342                 msg += "opens";
 343             msg += " " + pn + "\" to " + callerModule;
 344             InaccessibleObjectException e = new InaccessibleObjectException(msg);
 345             if (printStackTraceWhenAccessFails()) {
 346                 e.printStackTrace(System.err);
 347             }
 348             throw e;
 349         }
 350         return false;
 351     }
 352 
 353     private boolean isSubclassOf(Class<?> queryClass, Class<?> ofClass) {
 354         while (queryClass != null) {
 355             if (queryClass == ofClass) {
 356                 return true;
 357             }
 358             queryClass = queryClass.getSuperclass();
 359         }
 360         return false;
 361     }
 362 
 363     private void logIfOpenedForIllegalAccess(Class<?> caller, Class<?> declaringClass) {
 364         Module callerModule = caller.getModule();
 365         Module targetModule = declaringClass.getModule();
 366         // callerModule is null during early startup
 367         if (callerModule != null && !callerModule.isNamed() && targetModule.isNamed()) {
 368             IllegalAccessLogger logger = IllegalAccessLogger.illegalAccessLogger();
 369             if (logger != null) {
 370                 logger.logIfOpenedForIllegalAccess(caller, declaringClass, this::toShortString);
 371             }
 372         }
 373     }
 374 
 375     private void logIfExportedForIllegalAccess(Class<?> caller, Class<?> declaringClass) {
 376         Module callerModule = caller.getModule();
 377         Module targetModule = declaringClass.getModule();
 378         // callerModule is null during early startup
 379         if (callerModule != null && !callerModule.isNamed() && targetModule.isNamed()) {
 380             IllegalAccessLogger logger = IllegalAccessLogger.illegalAccessLogger();
 381             if (logger != null) {
 382                 logger.logIfExportedForIllegalAccess(caller, declaringClass, this::toShortString);
 383             }
 384         }
 385     }
 386 
 387     /**
 388      * Returns a short descriptive string to describe this object in log messages.
 389      */
 390     String toShortString() {
 391         return toString();
 392     }
 393 
 394     /**
 395      * Get the value of the {@code accessible} flag for this reflected object.
 396      *
 397      * @return the value of the object's {@code accessible} flag
 398      *
 399      * @deprecated
 400      * This method is deprecated because its name hints that it checks
 401      * if the reflected object is accessible when it actually indicates
 402      * if the checks for Java language access control are suppressed.
 403      * This method may return {@code false} on a reflected object that is
 404      * accessible to the caller. To test if this reflected object is accessible,
 405      * it should use {@link #canAccess(Object)}.
 406      *
 407      * @revised 9
 408      * @spec JPMS
 409      */
 410     @Deprecated(since="9")
 411     public boolean isAccessible() {
 412         return override;
 413     }
 414 
 415     /**
 416      * Test if the caller can access this reflected object. If this reflected
 417      * object corresponds to an instance method or field then this method tests
 418      * if the caller can access the given {@code obj} with the reflected object.
 419      * For instance methods or fields then the {@code obj} argument must be an
 420      * instance of the {@link Member#getDeclaringClass() declaring class}. For
 421      * static members and constructors then {@code obj} must be {@code null}.
 422      *
 423      * <p> This method returns {@code true} if the {@code accessible} flag
 424      * is set to {@code true}, i.e. the checks for Java language access control
 425      * are suppressed, or if the caller can access the member as
 426      * specified in <cite>The Java&trade; Language Specification</cite>,
 427      * with the variation noted in the class description. </p>
 428      *
 429      * @param obj an instance object of the declaring class of this reflected
 430      *            object if it is an instance method or field
 431      *
 432      * @return {@code true} if the caller can access this reflected object.
 433      *
 434      * @throws IllegalArgumentException
 435      *         <ul>
 436      *         <li> if this reflected object is a static member or constructor and
 437      *              the given {@code obj} is non-{@code null}, or </li>
 438      *         <li> if this reflected object is an instance method or field
 439      *              and the given {@code obj} is {@code null} or of type
 440      *              that is not a subclass of the {@link Member#getDeclaringClass()
 441      *              declaring class} of the member.</li>
 442      *         </ul>
 443      *
 444      * @since 9
 445      * @spec JPMS
 446      * @jls 6.6 Access Control
 447      * @see #trySetAccessible
 448      * @see #setAccessible(boolean)
 449      */
 450     @CallerSensitive
 451     public final boolean canAccess(Object obj) {
 452         if (!Member.class.isInstance(this)) {
 453             return override;
 454         }
 455 
 456         Class<?> declaringClass = ((Member) this).getDeclaringClass();
 457         int modifiers = ((Member) this).getModifiers();
 458         if (!Modifier.isStatic(modifiers) &&
 459                 (this instanceof Method || this instanceof Field)) {
 460             if (obj == null) {
 461                 throw new IllegalArgumentException("null object for " + this);
 462             }
 463             // if this object is an instance member, the given object
 464             // must be a subclass of the declaring class of this reflected object
 465             if (!declaringClass.isAssignableFrom(obj.getClass())) {
 466                 throw new IllegalArgumentException("object is not an instance of "
 467                                                    + declaringClass.getName());
 468             }
 469         } else if (obj != null) {
 470             throw new IllegalArgumentException("non-null object for " + this);
 471         }
 472 
 473         // access check is suppressed
 474         if (override) return true;
 475 
 476         Class<?> caller = Reflection.getCallerClass();
 477         Class<?> targetClass;
 478         if (this instanceof Constructor) {
 479             targetClass = declaringClass;
 480         } else {
 481             targetClass = Modifier.isStatic(modifiers) ? null : obj.getClass();
 482         }
 483         return verifyAccess(caller, declaringClass, targetClass, modifiers);
 484     }
 485 
 486     /**
 487      * Constructor: only used by the Java Virtual Machine.
 488      */
 489     protected AccessibleObject() {}
 490 
 491     // Indicates whether language-level access checks are overridden
 492     // by this object. Initializes to "false". This field is used by
 493     // Field, Method, and Constructor.
 494     //
 495     // NOTE: for security purposes, this field must not be visible
 496     // outside this package.
 497     boolean override;
 498 
 499     // Reflection factory used by subclasses for creating field,
 500     // method, and constructor accessors. Note that this is called
 501     // very early in the bootstrapping process.
 502     static final ReflectionFactory reflectionFactory =
 503         AccessController.doPrivileged(
 504             new ReflectionFactory.GetReflectionFactoryAction());
 505 
 506     /**
 507      * @throws NullPointerException {@inheritDoc}
 508      * @since 1.5
 509      */
 510     public <T extends Annotation> T getAnnotation(Class<T> annotationClass) {
 511         throw new AssertionError("All subclasses should override this method");
 512     }
 513 
 514     /**
 515      * {@inheritDoc}
 516      * @throws NullPointerException {@inheritDoc}
 517      * @since 1.5
 518      */
 519     @Override
 520     public boolean isAnnotationPresent(Class<? extends Annotation> annotationClass) {
 521         return AnnotatedElement.super.isAnnotationPresent(annotationClass);
 522     }
 523 
 524     /**
 525      * @throws NullPointerException {@inheritDoc}
 526      * @since 1.8
 527      */
 528     @Override
 529     public <T extends Annotation> T[] getAnnotationsByType(Class<T> annotationClass) {
 530         throw new AssertionError("All subclasses should override this method");
 531     }
 532 
 533     /**
 534      * @since 1.5
 535      */
 536     public Annotation[] getAnnotations() {
 537         return getDeclaredAnnotations();
 538     }
 539 
 540     /**
 541      * @throws NullPointerException {@inheritDoc}
 542      * @since 1.8
 543      */
 544     @Override
 545     public <T extends Annotation> T getDeclaredAnnotation(Class<T> annotationClass) {
 546         // Only annotations on classes are inherited, for all other
 547         // objects getDeclaredAnnotation is the same as
 548         // getAnnotation.
 549         return getAnnotation(annotationClass);
 550     }
 551 
 552     /**
 553      * @throws NullPointerException {@inheritDoc}
 554      * @since 1.8
 555      */
 556     @Override
 557     public <T extends Annotation> T[] getDeclaredAnnotationsByType(Class<T> annotationClass) {
 558         // Only annotations on classes are inherited, for all other
 559         // objects getDeclaredAnnotationsByType is the same as
 560         // getAnnotationsByType.
 561         return getAnnotationsByType(annotationClass);
 562     }
 563 
 564     /**
 565      * @since 1.5
 566      */
 567     public Annotation[] getDeclaredAnnotations()  {
 568         throw new AssertionError("All subclasses should override this method");
 569     }
 570 
 571 
 572     // Shared access checking logic.
 573 
 574     // For non-public members or members in package-private classes,
 575     // it is necessary to perform somewhat expensive security checks.
 576     // If the security check succeeds for a given class, it will
 577     // always succeed (it is not affected by the granting or revoking
 578     // of permissions); we speed up the check in the common case by
 579     // remembering the last Class for which the check succeeded.
 580     //
 581     // The simple security check for Constructor is to see if
 582     // the caller has already been seen, verified, and cached.
 583     // (See also Class.newInstance(), which uses a similar method.)
 584     //
 585     // A more complicated security check cache is needed for Method and Field
 586     // The cache can be either null (empty cache), a 2-array of {caller,targetClass},
 587     // or a caller (with targetClass implicitly equal to memberClass).
 588     // In the 2-array case, the targetClass is always different from the memberClass.
 589     volatile Object securityCheckCache;
 590 
 591     final void checkAccess(Class<?> caller, Class<?> memberClass,
 592                            Class<?> targetClass, int modifiers)
 593         throws IllegalAccessException
 594     {
 595         if (!verifyAccess(caller, memberClass, targetClass, modifiers)) {
 596             IllegalAccessException e = Reflection.newIllegalAccessException(
 597                 caller, memberClass, targetClass, modifiers);
 598             if (printStackTraceWhenAccessFails()) {
 599                 e.printStackTrace(System.err);
 600             }
 601             throw e;
 602         }
 603     }
 604 
 605     final boolean verifyAccess(Class<?> caller, Class<?> memberClass,
 606                                Class<?> targetClass, int modifiers)
 607     {
 608         if (caller == memberClass) {  // quick check
 609             return true;             // ACCESS IS OK
 610         }
 611         Object cache = securityCheckCache;  // read volatile
 612         if (targetClass != null // instance member or constructor
 613             && Modifier.isProtected(modifiers)
 614             && targetClass != memberClass) {
 615             // Must match a 2-list of { caller, targetClass }.
 616             if (cache instanceof Class[]) {
 617                 Class<?>[] cache2 = (Class<?>[]) cache;
 618                 if (cache2[1] == targetClass &&
 619                     cache2[0] == caller) {
 620                     return true;     // ACCESS IS OK
 621                 }
 622                 // (Test cache[1] first since range check for [1]
 623                 // subsumes range check for [0].)
 624             }
 625         } else if (cache == caller) {
 626             // Non-protected case (or targetClass == memberClass or static member).
 627             return true;             // ACCESS IS OK
 628         }
 629 
 630         // If no return, fall through to the slow path.
 631         return slowVerifyAccess(caller, memberClass, targetClass, modifiers);
 632     }
 633 
 634     // Keep all this slow stuff out of line:
 635     private boolean slowVerifyAccess(Class<?> caller, Class<?> memberClass,
 636                                      Class<?> targetClass, int modifiers)
 637     {
 638         if (!Reflection.verifyMemberAccess(caller, memberClass, targetClass, modifiers)) {
 639             // access denied
 640             return false;
 641         }
 642 
 643         // access okay
 644         logIfExportedForIllegalAccess(caller, memberClass);
 645 
 646         // Success: Update the cache.
 647         Object cache = (targetClass != null
 648                         && Modifier.isProtected(modifiers)
 649                         && targetClass != memberClass)
 650                         ? new Class<?>[] { caller, targetClass }
 651                         : caller;
 652 
 653         // Note:  The two cache elements are not volatile,
 654         // but they are effectively final.  The Java memory model
 655         // guarantees that the initializing stores for the cache
 656         // elements will occur before the volatile write.
 657         securityCheckCache = cache;         // write volatile
 658         return true;
 659     }
 660 
 661     // true to print a stack trace when access fails
 662     private static volatile boolean printStackWhenAccessFails;
 663 
 664     // true if printStack* values are initialized
 665     private static volatile boolean printStackPropertiesSet;
 666 
 667     /**
 668      * Returns true if a stack trace should be printed when access fails.
 669      */
 670     private static boolean printStackTraceWhenAccessFails() {
 671         if (!printStackPropertiesSet && VM.initLevel() >= 1) {
 672             String s = GetPropertyAction.privilegedGetProperty(
 673                     "sun.reflect.debugModuleAccessChecks");
 674             if (s != null) {
 675                 printStackWhenAccessFails = !s.equalsIgnoreCase("false");
 676             }
 677             printStackPropertiesSet = true;
 678         }
 679         return printStackWhenAccessFails;
 680     }
 681 }