Save This Page
Home » openjdk-7 » java » lang » reflect » [javadoc | source]
    1   /*
    2    * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   package java.lang.reflect;
   27   
   28   import java.security.AccessController;
   29   import sun.reflect.Reflection;
   30   import sun.reflect.ReflectionFactory;
   31   import java.lang.annotation.Annotation;
   32   
   33   /**
   34    * The AccessibleObject class is the base class for Field, Method and
   35    * Constructor objects.  It provides the ability to flag a reflected
   36    * object as suppressing default Java language access control checks
   37    * when it is used.  The access checks--for public, default (package)
   38    * access, protected, and private members--are performed when Fields,
   39    * Methods or Constructors are used to set or get fields, to invoke
   40    * methods, or to create and initialize new instances of classes,
   41    * respectively.
   42    *
   43    * <p>Setting the {@code accessible} flag in a reflected object
   44    * permits sophisticated applications with sufficient privilege, such
   45    * as Java Object Serialization or other persistence mechanisms, to
   46    * manipulate objects in a manner that would normally be prohibited.
   47    *
   48    * <p>By default, a reflected object is <em>not</em> accessible.
   49    *
   50    * @see Field
   51    * @see Method
   52    * @see Constructor
   53    * @see ReflectPermission
   54    *
   55    * @since 1.2
   56    */
   57   public class AccessibleObject implements AnnotatedElement {
   58   
   59       /**
   60        * The Permission object that is used to check whether a client
   61        * has sufficient privilege to defeat Java language access
   62        * control checks.
   63        */
   64       static final private java.security.Permission ACCESS_PERMISSION =
   65           new ReflectPermission("suppressAccessChecks");
   66   
   67       /**
   68        * Convenience method to set the {@code accessible} flag for an
   69        * array of objects with a single security check (for efficiency).
   70        *
   71        * <p>First, if there is a security manager, its
   72        * {@code checkPermission} method is called with a
   73        * {@code ReflectPermission("suppressAccessChecks")} permission.
   74        *
   75        * <p>A {@code SecurityException} is raised if {@code flag} is
   76        * {@code true} but accessibility of any of the elements of the input
   77        * {@code array} may not be changed (for example, if the element
   78        * object is a {@link Constructor} object for the class {@link
   79        * java.lang.Class}).  In the event of such a SecurityException, the
   80        * accessibility of objects is set to {@code flag} for array elements
   81        * upto (and excluding) the element for which the exception occurred; the
   82        * accessibility of elements beyond (and including) the element for which
   83        * the exception occurred is unchanged.
   84        *
   85        * @param array the array of AccessibleObjects
   86        * @param flag  the new value for the {@code accessible} flag
   87        *              in each object
   88        * @throws SecurityException if the request is denied.
   89        * @see SecurityManager#checkPermission
   90        * @see java.lang.RuntimePermission
   91        */
   92       public static void setAccessible(AccessibleObject[] array, boolean flag)
   93           throws SecurityException {
   94           SecurityManager sm = System.getSecurityManager();
   95           if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
   96           for (int i = 0; i < array.length; i++) {
   97               setAccessible0(array[i], flag);
   98           }
   99       }
  100   
  101       /**
  102        * Set the {@code accessible} flag for this object to
  103        * the indicated boolean value.  A value of {@code true} indicates that
  104        * the reflected object should suppress Java language access
  105        * checking when it is used.  A value of {@code false} indicates
  106        * that the reflected object should enforce Java language access checks.
  107        *
  108        * <p>First, if there is a security manager, its
  109        * {@code checkPermission} method is called with a
  110        * {@code ReflectPermission("suppressAccessChecks")} permission.
  111        *
  112        * <p>A {@code SecurityException} is raised if {@code flag} is
  113        * {@code true} but accessibility of this object may not be changed
  114        * (for example, if this element object is a {@link Constructor} object for
  115        * the class {@link java.lang.Class}).
  116        *
  117        * <p>A {@code SecurityException} is raised if this object is a {@link
  118        * java.lang.reflect.Constructor} object for the class
  119        * {@code java.lang.Class}, and {@code flag} is true.
  120        *
  121        * @param flag the new value for the {@code accessible} flag
  122        * @throws SecurityException if the request is denied.
  123        * @see SecurityManager#checkPermission
  124        * @see java.lang.RuntimePermission
  125        */
  126       public void setAccessible(boolean flag) throws SecurityException {
  127           SecurityManager sm = System.getSecurityManager();
  128           if (sm != null) sm.checkPermission(ACCESS_PERMISSION);
  129           setAccessible0(this, flag);
  130       }
  131   
  132       /* Check that you aren't exposing java.lang.Class.<init>. */
  133       private static void setAccessible0(AccessibleObject obj, boolean flag)
  134           throws SecurityException
  135       {
  136           if (obj instanceof Constructor && flag == true) {
  137               Constructor<?> c = (Constructor<?>)obj;
  138               if (c.getDeclaringClass() == Class.class) {
  139                   throw new SecurityException("Can not make a java.lang.Class" +
  140                                               " constructor accessible");
  141               }
  142           }
  143           obj.override = flag;
  144       }
  145   
  146       /**
  147        * Get the value of the {@code accessible} flag for this object.
  148        *
  149        * @return the value of the object's {@code accessible} flag
  150        */
  151       public boolean isAccessible() {
  152           return override;
  153       }
  154   
  155       /**
  156        * Constructor: only used by the Java Virtual Machine.
  157        */
  158       protected AccessibleObject() {}
  159   
  160       // Indicates whether language-level access checks are overridden
  161       // by this object. Initializes to "false". This field is used by
  162       // Field, Method, and Constructor.
  163       //
  164       // NOTE: for security purposes, this field must not be visible
  165       // outside this package.
  166       boolean override;
  167   
  168       // Reflection factory used by subclasses for creating field,
  169       // method, and constructor accessors. Note that this is called
  170       // very early in the bootstrapping process.
  171       static final ReflectionFactory reflectionFactory =
  172           AccessController.doPrivileged(
  173               new sun.reflect.ReflectionFactory.GetReflectionFactoryAction());
  174   
  175       /**
  176        * @throws NullPointerException {@inheritDoc}
  177        * @since 1.5
  178        */
  179       public <T extends Annotation> T getAnnotation(Class<T> annotationClass) {
  180           throw new AssertionError("All subclasses should override this method");
  181       }
  182   
  183       /**
  184        * @throws NullPointerException {@inheritDoc}
  185        * @since 1.5
  186        */
  187       public boolean isAnnotationPresent(
  188           Class<? extends Annotation> annotationClass) {
  189           return getAnnotation(annotationClass) != null;
  190       }
  191   
  192       /**
  193        * @since 1.5
  194        */
  195       public Annotation[] getAnnotations() {
  196           return getDeclaredAnnotations();
  197       }
  198   
  199       /**
  200        * @since 1.5
  201        */
  202       public Annotation[] getDeclaredAnnotations()  {
  203           throw new AssertionError("All subclasses should override this method");
  204       }
  205   
  206   
  207       // Shared access checking logic.
  208   
  209       // For non-public members or members in package-private classes,
  210       // it is necessary to perform somewhat expensive security checks.
  211       // If the security check succeeds for a given class, it will
  212       // always succeed (it is not affected by the granting or revoking
  213       // of permissions); we speed up the check in the common case by
  214       // remembering the last Class for which the check succeeded.
  215       //
  216       // The simple security check for Constructor is to see if
  217       // the caller has already been seen, verified, and cached.
  218       // (See also Class.newInstance(), which uses a similar method.)
  219       //
  220       // A more complicated security check cache is needed for Method and Field
  221       // The cache can be either null (empty cache), a 2-array of {caller,target},
  222       // or a caller (with target implicitly equal to this.clazz).
  223       // In the 2-array case, the target is always different from the clazz.
  224       volatile Object securityCheckCache;
  225   
  226       void checkAccess(Class<?> caller, Class<?> clazz, Object obj, int modifiers)
  227           throws IllegalAccessException
  228       {
  229           if (caller == clazz) {  // quick check
  230               return;             // ACCESS IS OK
  231           }
  232           Object cache = securityCheckCache;  // read volatile
  233           Class<?> targetClass = clazz;
  234           if (obj != null
  235               && Modifier.isProtected(modifiers)
  236               && ((targetClass = obj.getClass()) != clazz)) {
  237               // Must match a 2-list of { caller, targetClass }.
  238               if (cache instanceof Class[]) {
  239                   Class<?>[] cache2 = (Class<?>[]) cache;
  240                   if (cache2[1] == targetClass &&
  241                       cache2[0] == caller) {
  242                       return;     // ACCESS IS OK
  243                   }
  244                   // (Test cache[1] first since range check for [1]
  245                   // subsumes range check for [0].)
  246               }
  247           } else if (cache == caller) {
  248               // Non-protected case (or obj.class == this.clazz).
  249               return;             // ACCESS IS OK
  250           }
  251   
  252           // If no return, fall through to the slow path.
  253           slowCheckMemberAccess(caller, clazz, obj, modifiers, targetClass);
  254       }
  255   
  256       // Keep all this slow stuff out of line:
  257       void slowCheckMemberAccess(Class<?> caller, Class<?> clazz, Object obj, int modifiers,
  258                                  Class<?> targetClass)
  259           throws IllegalAccessException
  260       {
  261           Reflection.ensureMemberAccess(caller, clazz, obj, modifiers);
  262   
  263           // Success: Update the cache.
  264           Object cache = ((targetClass == clazz)
  265                           ? caller
  266                           : new Class<?>[] { caller, targetClass });
  267   
  268           // Note:  The two cache elements are not volatile,
  269           // but they are effectively final.  The Java memory model
  270           // guarantees that the initializing stores for the cache
  271           // elements will occur before the volatile write.
  272           securityCheckCache = cache;         // write volatile
  273       }
  274   }

Save This Page
Home » openjdk-7 » java » lang » reflect » [javadoc | source]