13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang.reflect;
  27 
  28 import java.lang.annotation.Annotation;
  29 import java.lang.invoke.MethodHandle;
  30 import java.lang.ref.WeakReference;
  31 import java.security.AccessController;
  32 

  33 import jdk.internal.misc.VM;
  34 import jdk.internal.module.IllegalAccessLogger;
  35 import jdk.internal.reflect.CallerSensitive;
  36 import jdk.internal.reflect.Reflection;
  37 import jdk.internal.reflect.ReflectionFactory;
  38 import sun.security.action.GetPropertyAction;
  39 import sun.security.util.SecurityConstants;
  40 
  41 /**
  42  * The {@code AccessibleObject} class is the base class for {@code Field},
  43  * {@code Method}, and {@code Constructor} objects (known as <em>reflected
  44  * objects</em>). It provides the ability to flag a reflected object as
  45  * suppressing checks for Java language access control when it is used. This
  46  * permits sophisticated applications with sufficient privilege, such as Java
  47  * Object Serialization or other persistence mechanisms, to manipulate objects
  48  * in a manner that would normally be prohibited.
  49  *
  50  * <p> Java language access control prevents use of private members outside
  51  * their top-level class; package access members outside their package; protected members
  52  * outside their package or subclasses; and public members outside their

  60  * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
  61  * class on the stack only succeeds if the member and the declaring class are
  62  * public, and the class is in a package that is exported to all modules. </p>
  63  *
  64  * <p> The one variation from Java language access control is that the checks
  65  * by reflected objects assume readability. That is, the module containing
  66  * the use of a reflected object is assumed to read the module in which
  67  * the underlying field, method, or constructor is declared. </p>
  68  *
  69  * <p> Whether the checks for Java language access control can be suppressed
  70  * (and thus, whether access can be enabled) depends on whether the reflected
  71  * object corresponds to a member in an exported or open package
  72  * (see {@link #setAccessible(boolean)}). </p>
  73  *
  74  * @jls 6.6 Access Control
  75  * @since 1.2
  76  * @revised 9
  77  * @spec JPMS
  78  */
  79 public class AccessibleObject implements AnnotatedElement {




  80 
  81     static void checkPermission() {
  82         SecurityManager sm = System.getSecurityManager();
  83         if (sm != null) {
  84             // SecurityConstants.ACCESS_PERMISSION is used to check
  85             // whether a client has sufficient privilege to defeat Java
  86             // language access control checks.
  87             sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
  88         }
  89     }
  90 
  91     /**
  92      * Convenience method to set the {@code accessible} flag for an
  93      * array of reflected objects with a single security check (for efficiency).
  94      *
  95      * <p> This method may be used to enable access to all reflected objects in
  96      * the array when access to each reflected object can be enabled as
  97      * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
  98      *
  99      * <p>If there is a security manager, its

  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang.reflect;
  27 
  28 import java.lang.annotation.Annotation;
  29 import java.lang.invoke.MethodHandle;
  30 import java.lang.ref.WeakReference;
  31 import java.security.AccessController;
  32 
  33 import jdk.internal.access.SharedSecrets;
  34 import jdk.internal.misc.VM;
  35 import jdk.internal.module.IllegalAccessLogger;
  36 import jdk.internal.reflect.CallerSensitive;
  37 import jdk.internal.reflect.Reflection;
  38 import jdk.internal.reflect.ReflectionFactory;
  39 import sun.security.action.GetPropertyAction;
  40 import sun.security.util.SecurityConstants;
  41 
  42 /**
  43  * The {@code AccessibleObject} class is the base class for {@code Field},
  44  * {@code Method}, and {@code Constructor} objects (known as <em>reflected
  45  * objects</em>). It provides the ability to flag a reflected object as
  46  * suppressing checks for Java language access control when it is used. This
  47  * permits sophisticated applications with sufficient privilege, such as Java
  48  * Object Serialization or other persistence mechanisms, to manipulate objects
  49  * in a manner that would normally be prohibited.
  50  *
  51  * <p> Java language access control prevents use of private members outside
  52  * their top-level class; package access members outside their package; protected members
  53  * outside their package or subclasses; and public members outside their

  61  * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
  62  * class on the stack only succeeds if the member and the declaring class are
  63  * public, and the class is in a package that is exported to all modules. </p>
  64  *
  65  * <p> The one variation from Java language access control is that the checks
  66  * by reflected objects assume readability. That is, the module containing
  67  * the use of a reflected object is assumed to read the module in which
  68  * the underlying field, method, or constructor is declared. </p>
  69  *
  70  * <p> Whether the checks for Java language access control can be suppressed
  71  * (and thus, whether access can be enabled) depends on whether the reflected
  72  * object corresponds to a member in an exported or open package
  73  * (see {@link #setAccessible(boolean)}). </p>
  74  *
  75  * @jls 6.6 Access Control
  76  * @since 1.2
  77  * @revised 9
  78  * @spec JPMS
  79  */
  80 public class AccessibleObject implements AnnotatedElement {
  81     static {
  82         // AccessibleObject is initialized early in initPhase1
  83         SharedSecrets.setJavaLangReflectAccess(new java.lang.reflect.ReflectAccess());
  84     }
  85 
  86     static void checkPermission() {
  87         SecurityManager sm = System.getSecurityManager();
  88         if (sm != null) {
  89             // SecurityConstants.ACCESS_PERMISSION is used to check
  90             // whether a client has sufficient privilege to defeat Java
  91             // language access control checks.
  92             sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
  93         }
  94     }
  95 
  96     /**
  97      * Convenience method to set the {@code accessible} flag for an
  98      * array of reflected objects with a single security check (for efficiency).
  99      *
 100      * <p> This method may be used to enable access to all reflected objects in
 101      * the array when access to each reflected object can be enabled as
 102      * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
 103      *
 104      * <p>If there is a security manager, its