1 /*
2 * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang.reflect;
27
28 import java.lang.annotation.Annotation;
29 import java.lang.invoke.MethodHandle;
30 import java.lang.ref.WeakReference;
31
32 import jdk.internal.access.SharedSecrets;
33 import jdk.internal.misc.VM;
34 import jdk.internal.reflect.CallerSensitive;
35 import jdk.internal.reflect.Reflection;
36 import jdk.internal.reflect.ReflectionFactory;
37
38 /**
39 * The {@code AccessibleObject} class is the base class for {@code Field},
40 * {@code Method}, and {@code Constructor} objects (known as <em>reflected
41 * objects</em>). It provides the ability to flag a reflected object as
42 * suppressing checks for Java language access control when it is used. This
43 * permits sophisticated applications with sufficient privilege, such as Java
44 * Object Serialization or other persistence mechanisms, to manipulate objects
45 * in a manner that would normally be prohibited.
46 *
47 * <p> Java language access control prevents use of private members outside
48 * their top-level class; package access members outside their package; protected members
49 * outside their package or subclasses; and public members outside their
50 * module unless they are declared in an {@link Module#isExported(String,Module)
51 * exported} package and the user {@link Module#canRead reads} their module. By
52 * default, Java language access control is enforced (with one variation) when
53 * {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
54 * set fields, to invoke methods, or to create and initialize new instances of
55 * classes, respectively. Every reflected object checks that the code using it
56 * is in an appropriate class, package, or module. The check when invoked by
57 * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
58 * class on the stack only succeeds if the member and the declaring class are
59 * public, and the class is in a package that is exported to all modules. </p>
60 *
61 * <p> The one variation from Java language access control is that the checks
62 * by reflected objects assume readability. That is, the module containing
63 * the use of a reflected object is assumed to read the module in which
64 * the underlying field, method, or constructor is declared. </p>
65 *
66 * <p> Whether the checks for Java language access control can be suppressed
67 * (and thus, whether access can be enabled) depends on whether the reflected
68 * object corresponds to a member in an exported or open package
69 * (see {@link #setAccessible(boolean)}). </p>
70 *
71 * @spec jni/index.html Java Native Interface Specification
72 * @jls 6.6 Access Control
73 * @since 1.2
74 */
75 public class AccessibleObject implements AnnotatedElement {
76 static {
77 // AccessibleObject is initialized early in initPhase1
78 SharedSecrets.setJavaLangReflectAccess(new ReflectAccess());
79 }
80
81 /**
82 * Convenience method to set the {@code accessible} flag for an
83 * array of reflected objects.
84 *
85 * <p> This method may be used to enable access to all reflected objects in
86 * the array when access to each reflected object can be enabled as
87 * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
88 *
89 * <p>A {@code SecurityException} is thrown if any of the elements of
90 * the input {@code array} is a {@link java.lang.reflect.Constructor}
91 * object for the class {@code java.lang.Class} and {@code flag} is true.
92 *
93 * @param array the array of AccessibleObjects
94 * @param flag the new value for the {@code accessible} flag
95 * in each object
96 * @throws InaccessibleObjectException if access cannot be enabled for all
|
1 /*
2 * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang.reflect;
27
28 import java.lang.annotation.Annotation;
29 import java.lang.invoke.MethodHandle;
30 import java.lang.ref.WeakReference;
31
32 import jdk.internal.access.SharedSecrets;
33 import jdk.internal.misc.VM;
34 import jdk.internal.reflect.CallerSensitive;
35 import jdk.internal.reflect.Reflection;
36 import jdk.internal.reflect.ReflectionFactory;
37 import jdk.internal.vm.annotation.AOTRuntimeSetup;
38 import jdk.internal.vm.annotation.AOTSafeClassInitializer;
39
40 /**
41 * The {@code AccessibleObject} class is the base class for {@code Field},
42 * {@code Method}, and {@code Constructor} objects (known as <em>reflected
43 * objects</em>). It provides the ability to flag a reflected object as
44 * suppressing checks for Java language access control when it is used. This
45 * permits sophisticated applications with sufficient privilege, such as Java
46 * Object Serialization or other persistence mechanisms, to manipulate objects
47 * in a manner that would normally be prohibited.
48 *
49 * <p> Java language access control prevents use of private members outside
50 * their top-level class; package access members outside their package; protected members
51 * outside their package or subclasses; and public members outside their
52 * module unless they are declared in an {@link Module#isExported(String,Module)
53 * exported} package and the user {@link Module#canRead reads} their module. By
54 * default, Java language access control is enforced (with one variation) when
55 * {@code Field}s, {@code Method}s, or {@code Constructor}s are used to get or
56 * set fields, to invoke methods, or to create and initialize new instances of
57 * classes, respectively. Every reflected object checks that the code using it
58 * is in an appropriate class, package, or module. The check when invoked by
59 * <a href="{@docRoot}/../specs/jni/index.html">JNI code</a> with no Java
60 * class on the stack only succeeds if the member and the declaring class are
61 * public, and the class is in a package that is exported to all modules. </p>
62 *
63 * <p> The one variation from Java language access control is that the checks
64 * by reflected objects assume readability. That is, the module containing
65 * the use of a reflected object is assumed to read the module in which
66 * the underlying field, method, or constructor is declared. </p>
67 *
68 * <p> Whether the checks for Java language access control can be suppressed
69 * (and thus, whether access can be enabled) depends on whether the reflected
70 * object corresponds to a member in an exported or open package
71 * (see {@link #setAccessible(boolean)}). </p>
72 *
73 * @spec jni/index.html Java Native Interface Specification
74 * @jls 6.6 Access Control
75 * @since 1.2
76 */
77 @AOTSafeClassInitializer
78 public class AccessibleObject implements AnnotatedElement {
79 static {
80 runtimeSetup();
81 }
82
83 @AOTRuntimeSetup
84 private static void runtimeSetup() {
85 // AccessibleObject is initialized early in initPhase1
86 SharedSecrets.setJavaLangReflectAccess(new ReflectAccess());
87 }
88
89 /**
90 * Convenience method to set the {@code accessible} flag for an
91 * array of reflected objects.
92 *
93 * <p> This method may be used to enable access to all reflected objects in
94 * the array when access to each reflected object can be enabled as
95 * specified by {@link #setAccessible(boolean) setAccessible(boolean)}. </p>
96 *
97 * <p>A {@code SecurityException} is thrown if any of the elements of
98 * the input {@code array} is a {@link java.lang.reflect.Constructor}
99 * object for the class {@code java.lang.Class} and {@code flag} is true.
100 *
101 * @param array the array of AccessibleObjects
102 * @param flag the new value for the {@code accessible} flag
103 * in each object
104 * @throws InaccessibleObjectException if access cannot be enabled for all
|