Java Reference
In-Depth Information
Table 1-2.
Methods that check the calling method only
Because the
java.lang.reflect.Field.setAccessible()
and
getAccessible()
methods are used to instruct the Java Virtual Machine (JVM) to override the language ac-
cess checks, they perform standard (and more restrictive) security manager checks, and
consequently lack the vulnerability described by this guideline. Nevertheless, these meth-
ods should also be used with extreme caution. The remaining
set*
and
get*
field reflec-
tion methods perform only the language access checks and are consequently vulnerable.
Class Loaders
Class loaders allow a Java application to be dynamically extended at runtime by loading
additional classes. For each class that is loaded, the JVM tracks the class loader that was
usedtoloadtheclass.Whenaloadedclassfirstreferstoanotherclass,thevirtualmachine
requests that the referenced class be loaded by the same class loader that was used to load
the referencing class. Java's class loader architecture controls interaction between code
loaded from different sources by allowing the use of different class loaders. This separa-
tion of class loaders is fundamental to the separation of code: it prevents malicious code
from gaining access to and subverting trusted code.
Several methods which are charged with loading classes delegate their work to the
class loader of the class of the method that called them. The security checks associated
with loading classes are performed by the class loaders. Consequently, any method that
invokes one of these class loading methods must guarantee that these methods cannot act
on behalf of untrusted code. These methods are listed in
Table 1-3
.
