/* * @(#)AccessibleObject.java 1.26 04/01/12 * * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.lang.reflect; import java.security.AccessController; import sun.reflect.ReflectionFactory; import java.lang.annotation.Annotation; /** * The AccessibleObject class is the base class for Field, Method and * Constructor objects. It provides the ability to flag a reflected * object as suppressing default Java language access control checks * when it is used. The access checks--for public, default (package) * access, protected, and private members--are performed when Fields, * Methods or Constructors are used to set or get fields, to invoke * methods, or to create and initialize new instances of classes, * respectively. * *
Setting the accessible flag in a reflected object * permits sophisticated applications with sufficient privilege, such * as Java Object Serialization or other persistence mechanisms, to * manipulate objects in a manner that would normally be prohibited. * * @see Field * @see Method * @see Constructor * @see ReflectPermission * * @since 1.2 */ public class AccessibleObject implements AnnotatedElement { /** * The Permission object that is used to check whether a client * has sufficient privilege to defeat Java language access * control checks. */ static final private java.security.Permission ACCESS_PERMISSION = new ReflectPermission("suppressAccessChecks"); /** * Convenience method to set the accessible flag for an * array of objects with a single security check (for efficiency). * *
First, if there is a security manager, its
* checkPermission
method is called with a
* ReflectPermission("suppressAccessChecks")
permission.
*
*
A SecurityException
is raised if flag
is
* true
but accessibility of any of the elements of the input
* array
may not be changed (for example, if the element
* object is a {@link Constructor} object for the class {@link
* java.lang.Class}). In the event of such a SecurityException, the
* accessibility of objects is set to flag
for array elements
* upto (and excluding) the element for which the exception occurred; the
* accessibility of elements beyond (and including) the element for which
* the exception occurred is unchanged.
*
* @param array the array of AccessibleObjects
* @param flag the new value for the accessible flag
* in each object
* @throws SecurityException if the request is denied.
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*/
public static void setAccessible(AccessibleObject[] array, boolean flag)
throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
for (int i = 0; i < array.length; i++) {
setAccessible0(array[i], flag);
}
}
/**
* Set the accessible flag for this object to
* the indicated boolean value. A value of true indicates that
* the reflected object should suppress Java language access
* checking when it is used. A value of false indicates
* that the reflected object should enforce Java language access checks.
*
*
First, if there is a security manager, its
* checkPermission
method is called with a
* ReflectPermission("suppressAccessChecks")
permission.
*
*
A SecurityException
is raised if flag
is
* true
but accessibility of this object may not be changed
* (for example, if this element object is a {@link Constructor} object for
* the class {@link java.lang.Class}).
*
*
A SecurityException
is raised if this object is a {@link
* java.lang.reflect.Constructor} object for the class
* java.lang.Class
, and flag
is true.
*
* @param flag the new value for the accessible flag
* @throws SecurityException if the request is denied.
* @see SecurityManager#checkPermission
* @see java.lang.RuntimePermission
*/
public void setAccessible(boolean flag) throws SecurityException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
setAccessible0(this, flag);
}
/* Check that you aren't exposing java.lang.Class.