13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang.reflect;
27
28 import java.lang.annotation.Annotation;
29 import java.lang.invoke.MethodHandle;
30 import java.lang.ref.WeakReference;
31 import java.security.AccessController;
32
33 import jdk.internal.misc.VM;
34 import jdk.internal.module.IllegalAccessLogger;
35 import jdk.internal.reflect.CallerSensitive;
36 import jdk.internal.reflect.Reflection;
37 import jdk.internal.reflect.ReflectionFactory;
38 import sun.security.action.GetPropertyAction;
39 import sun.security.util.SecurityConstants;
40
41 /**
42 * The {@code AccessibleObject} class is the base class for {@code Field},
43 * {@code Method}, and {@code Constructor} objects (known as <em>reflected
44 * objects</em>). It provides the ability to flag a reflected object as
45 * suppressing checks for Java language access control when it is used. This
46 * permits sophisticated applications with sufficient privilege, such as Java
47 * Object Serialization or other persistence mechanisms, to manipulate objects
48 * in a manner that would normally be prohibited.
49 *
50 * <p> Java language access control prevents use of private members outside
51 * their top-level class; package access members outside their package; protected members
52 * outside their package or subclasses; and public members outside their
60 * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
61 * class on the stack only succeeds if the member and the declaring class are
62 * public, and the class is in a package that is exported to all modules. </p>
63 *
64 * <p> The one variation from Java language access control is that the checks
65 * by reflected objects assume readability. That is, the module containing
66 * the use of a reflected object is assumed to read the module in which
67 * the underlying field, method, or constructor is declared. </p>
68 *
69 * <p> Whether the checks for Java language access control can be suppressed
70 * (and thus, whether access can be enabled) depends on whether the reflected
71 * object corresponds to a member in an exported or open package
72 * (see {@link #setAccessible(boolean)}). </p>
73 *
74 * @jls 6.6 Access Control
75 * @since 1.2
76 * @revised 9
77 * @spec JPMS
78 */
79 public class AccessibleObject implements AnnotatedElement {
80
81 static void checkPermission() {
82 SecurityManager sm = System.getSecurityManager();
83 if (sm != null) {
84 // SecurityConstants.ACCESS_PERMISSION is used to check
85 // whether a client has sufficient privilege to defeat Java
86 // language access control checks.
87 sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
88 }
89 }
90
91 /**
92 * Convenience method to set the {@code accessible} flag for an
93 * array of reflected objects with a single security check (for efficiency).
94 *
95 * <p> This method may be used to enable access to all reflected objects in
96 * the array when access to each reflected object can be enabled as
97 * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
98 *
99 * <p>If there is a security manager, its
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang.reflect;
27
28 import java.lang.annotation.Annotation;
29 import java.lang.invoke.MethodHandle;
30 import java.lang.ref.WeakReference;
31 import java.security.AccessController;
32
33 import jdk.internal.access.SharedSecrets;
34 import jdk.internal.misc.VM;
35 import jdk.internal.module.IllegalAccessLogger;
36 import jdk.internal.reflect.CallerSensitive;
37 import jdk.internal.reflect.Reflection;
38 import jdk.internal.reflect.ReflectionFactory;
39 import sun.security.action.GetPropertyAction;
40 import sun.security.util.SecurityConstants;
41
42 /**
43 * The {@code AccessibleObject} class is the base class for {@code Field},
44 * {@code Method}, and {@code Constructor} objects (known as <em>reflected
45 * objects</em>). It provides the ability to flag a reflected object as
46 * suppressing checks for Java language access control when it is used. This
47 * permits sophisticated applications with sufficient privilege, such as Java
48 * Object Serialization or other persistence mechanisms, to manipulate objects
49 * in a manner that would normally be prohibited.
50 *
51 * <p> Java language access control prevents use of private members outside
52 * their top-level class; package access members outside their package; protected members
53 * outside their package or subclasses; and public members outside their
61 * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
62 * class on the stack only succeeds if the member and the declaring class are
63 * public, and the class is in a package that is exported to all modules. </p>
64 *
65 * <p> The one variation from Java language access control is that the checks
66 * by reflected objects assume readability. That is, the module containing
67 * the use of a reflected object is assumed to read the module in which
68 * the underlying field, method, or constructor is declared. </p>
69 *
70 * <p> Whether the checks for Java language access control can be suppressed
71 * (and thus, whether access can be enabled) depends on whether the reflected
72 * object corresponds to a member in an exported or open package
73 * (see {@link #setAccessible(boolean)}). </p>
74 *
75 * @jls 6.6 Access Control
76 * @since 1.2
77 * @revised 9
78 * @spec JPMS
79 */
80 public class AccessibleObject implements AnnotatedElement {
81 static {
82 // AccessibleObject is initialized early in initPhase1
83 SharedSecrets.setJavaLangReflectAccess(new java.lang.reflect.ReflectAccess());
84 }
85
86 static void checkPermission() {
87 SecurityManager sm = System.getSecurityManager();
88 if (sm != null) {
89 // SecurityConstants.ACCESS_PERMISSION is used to check
90 // whether a client has sufficient privilege to defeat Java
91 // language access control checks.
92 sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
93 }
94 }
95
96 /**
97 * Convenience method to set the {@code accessible} flag for an
98 * array of reflected objects with a single security check (for efficiency).
99 *
100 * <p> This method may be used to enable access to all reflected objects in
101 * the array when access to each reflected object can be enabled as
102 * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
103 *
104 * <p>If there is a security manager, its
|