Java Reference
In-Depth Information
So far, everything looks fine. You might think that if you cannot access a private member of a class, you can
always use reflection to access them. However, this is not always true. Access to otherwise inaccessible members of
a class is handled through the Java security manager. By default, when you run your application on your computer,
the security manager is not installed for your application. The absence of the security manager for your application
lets you access all fields, methods, and constructors of a class using the
setAccessible(true)
method. However, if a
security manager is installed for your application, whether you can access an inaccessible class member depends on
the permission granted to your application to access such members. You can check if the security manager is installed
for your application or not by using the following piece of code:
SecurityManager securityMgr = System.getSecurityManager();
if (securityMgr == null) {
System.out.println("Security manager is not installed");
}
You can install a default security manager by passing the
-Djava.security.manager
option on the command line
when you run the Java application. The security manager uses a Java security policy file to enforce the rules specified
in that policy file. The Java security policy file is specified using the
-Djava.security.policy
command line option. If
you want to run the
com.jdojo.reflection.AccessPrivateField
class with the Java security manager with the Java
policy file stored in the
c:\myjava.policy
file, you would use the following command:
java -Djava.security.manager -Djava.security.policy=c:\myjava.policy
com.jdojo.reflection.AccessPrivateField
If you want to allow your program to access an inaccessible field of a class using reflection, the contents of the
myjava.policy
file would look as follows:
grant {
// Grant permission to all programs to access inaccessible class members
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
If you want to stop the Java program from accessing inaccessible members of a class using reflection, either you
remove or comment out the following line in your Java security policy file, and run your application using a security
manager with a Java security file:
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
If you run the program listed in Listing 3-14 without the above permission, the
setAccessible(true)
method
call will throw a security exception.
You can check if your program can access normally inaccessible class members. The check is performed using
the
ReflectPermission
class in the
java.lang.reflect
package. You can create an object of the class with the
name of the permission. The permission name to use is “suppressAccessChecks”. You can call the
checkGuard()
method on this object. If this method returns
true
, it means your program has access to those normally inaccessible
class members. If this method throws a
SecurityException
, “it means you do not have permission to access the
normally inaccessible class members. The
checkGuard()
method takes an object as an argument. Currently, this
argument is ignored.
Listing 3-15 illustrates how to check if your program can access normally inaccessible class members using
reflection. You can run the
ReflectPermissionTest
class by installing the Java security manager and a Java security
policy file. The output of this program will be different depending on the reflect permission grant in your Java security
policy file. If you run this class without a Java security manager, the output will always indicate that the reflect
permission is granted to your program.
