< prev index next >

src/java.base/share/classes/java/lang/reflect/AccessibleObject.java

Print this page
rev 49922 : 8202419: Avoid creating Permission constants early
Reviewed-by: TBD


  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang.reflect;
  27 
  28 import java.lang.annotation.Annotation;
  29 import java.lang.invoke.MethodHandle;
  30 import java.security.AccessController;
  31 
  32 import jdk.internal.misc.VM;
  33 import jdk.internal.module.IllegalAccessLogger;
  34 import jdk.internal.reflect.CallerSensitive;
  35 import jdk.internal.reflect.Reflection;
  36 import jdk.internal.reflect.ReflectionFactory;
  37 import sun.security.action.GetPropertyAction;

  38 
  39 /**
  40  * The {@code AccessibleObject} class is the base class for {@code Field},
  41  * {@code Method}, and {@code Constructor} objects (known as <em>reflected
  42  * objects</em>). It provides the ability to flag a reflected object as
  43  * suppressing checks for Java language access control when it is used. This
  44  * permits sophisticated applications with sufficient privilege, such as Java
  45  * Object Serialization or other persistence mechanisms, to manipulate objects
  46  * in a manner that would normally be prohibited.
  47  *
  48  * <p> Java language access control prevents use of private members outside
  49  * their class; package access members outside their package; protected members
  50  * outside their package or subclasses; and public members outside their
  51  * module unless they are declared in an {@link Module#isExported(String,Module)
  52  * exported} package and the user {@link Module#canRead reads} their module. By
  53  * default, Java language access control is enforced (with one variation) when
  54  * {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
  55  * set fields, to invoke methods, or to create and initialize new instances of
  56  * classes, respectively. Every reflected object checks that the code using it
  57  * is in an appropriate class, package, or module. </p>
  58  *
  59  * <p> The one variation from Java language access control is that the checks
  60  * by reflected objects assume readability. That is, the module containing
  61  * the use of a reflected object is assumed to read the module in which
  62  * the underlying field, method, or constructor is declared. </p>
  63  *
  64  * <p> Whether the checks for Java language access control can be suppressed
  65  * (and thus, whether access can be enabled) depends on whether the reflected
  66  * object corresponds to a member in an exported or open package
  67  * (see {@link #setAccessible(boolean)}). </p>
  68  *
  69  * @jls 6.6 Access Control
  70  * @since 1.2
  71  * @revised 9
  72  * @spec JPMS
  73  */
  74 public class AccessibleObject implements AnnotatedElement {
  75 
  76     /**
  77      * The Permission object that is used to check whether a client
  78      * has sufficient privilege to defeat Java language access
  79      * control checks.
  80      */
  81     private static final java.security.Permission ACCESS_PERMISSION =
  82         new ReflectPermission("suppressAccessChecks");
  83 
  84     static void checkPermission() {
  85         SecurityManager sm = System.getSecurityManager();
  86         if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
  87     }
  88 
  89     /**
  90      * Convenience method to set the {@code accessible} flag for an
  91      * array of reflected objects with a single security check (for efficiency).
  92      *
  93      * <p> This method may be used to enable access to all reflected objects in
  94      * the array when access to each reflected object can be enabled as
  95      * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
  96      *
  97      * <p>If there is a security manager, its
  98      * {@code checkPermission} method is first called with a
  99      * {@code ReflectPermission("suppressAccessChecks")} permission.
 100      *
 101      * <p>A {@code SecurityException} is also thrown if any of the elements of
 102      * the input {@code array} is a {@link java.lang.reflect.Constructor}
 103      * object for the class {@code java.lang.Class} and {@code flag} is true.
 104      *
 105      * @param array the array of AccessibleObjects
 106      * @param flag  the new value for the {@code accessible} flag




  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.lang.reflect;
  27 
  28 import java.lang.annotation.Annotation;
  29 import java.lang.invoke.MethodHandle;
  30 import java.security.AccessController;
  31 
  32 import jdk.internal.misc.VM;
  33 import jdk.internal.module.IllegalAccessLogger;
  34 import jdk.internal.reflect.CallerSensitive;
  35 import jdk.internal.reflect.Reflection;
  36 import jdk.internal.reflect.ReflectionFactory;
  37 import sun.security.action.GetPropertyAction;
  38 import sun.security.util.SecurityConstants;
  39 
  40 /**
  41  * The {@code AccessibleObject} class is the base class for {@code Field},
  42  * {@code Method}, and {@code Constructor} objects (known as <em>reflected
  43  * objects</em>). It provides the ability to flag a reflected object as
  44  * suppressing checks for Java language access control when it is used. This
  45  * permits sophisticated applications with sufficient privilege, such as Java
  46  * Object Serialization or other persistence mechanisms, to manipulate objects
  47  * in a manner that would normally be prohibited.
  48  *
  49  * <p> Java language access control prevents use of private members outside
  50  * their class; package access members outside their package; protected members
  51  * outside their package or subclasses; and public members outside their
  52  * module unless they are declared in an {@link Module#isExported(String,Module)
  53  * exported} package and the user {@link Module#canRead reads} their module. By
  54  * default, Java language access control is enforced (with one variation) when
  55  * {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
  56  * set fields, to invoke methods, or to create and initialize new instances of
  57  * classes, respectively. Every reflected object checks that the code using it
  58  * is in an appropriate class, package, or module. </p>
  59  *
  60  * <p> The one variation from Java language access control is that the checks
  61  * by reflected objects assume readability. That is, the module containing
  62  * the use of a reflected object is assumed to read the module in which
  63  * the underlying field, method, or constructor is declared. </p>
  64  *
  65  * <p> Whether the checks for Java language access control can be suppressed
  66  * (and thus, whether access can be enabled) depends on whether the reflected
  67  * object corresponds to a member in an exported or open package
  68  * (see {@link #setAccessible(boolean)}). </p>
  69  *
  70  * @jls 6.6 Access Control
  71  * @since 1.2
  72  * @revised 9
  73  * @spec JPMS
  74  */
  75 public class AccessibleObject implements AnnotatedElement {
  76 








  77     static void checkPermission() {
  78         SecurityManager sm = System.getSecurityManager();
  79         if (sm != null) sm.checkPermission(SecurityConstants.ACCESS_PERMISSION);
  80     }
  81 
  82     /**
  83      * Convenience method to set the {@code accessible} flag for an
  84      * array of reflected objects with a single security check (for efficiency).
  85      *
  86      * <p> This method may be used to enable access to all reflected objects in
  87      * the array when access to each reflected object can be enabled as
  88      * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
  89      *
  90      * <p>If there is a security manager, its
  91      * {@code checkPermission} method is first called with a
  92      * {@code ReflectPermission("suppressAccessChecks")} permission.
  93      *
  94      * <p>A {@code SecurityException} is also thrown if any of the elements of
  95      * the input {@code array} is a {@link java.lang.reflect.Constructor}
  96      * object for the class {@code java.lang.Class} and {@code flag} is true.
  97      *
  98      * @param array the array of AccessibleObjects
  99      * @param flag  the new value for the {@code accessible} flag


< prev index next >