1. /*

  2.  * @(#)AccessibleObject.java	1.26 04/01/12

  3.  *

  4.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package java.lang.reflect;

  9. 

  10. import java.security.AccessController;

  11. import sun.reflect.ReflectionFactory;

  12. import java.lang.annotation.Annotation;

  13. 

  14. /**

  15.  * The AccessibleObject class is the base class for Field, Method and

  16.  * Constructor objects.  It provides the ability to flag a reflected

  17.  * object as suppressing default Java language access control checks

  18.  * when it is used.  The access checks--for public, default (package)

  19.  * access, protected, and private members--are performed when Fields,

  20.  * Methods or Constructors are used to set or get fields, to invoke

  21.  * methods, or to create and initialize new instances of classes,

  22.  * respectively.

  23.  *

  24.  * <p>Setting the <tt>accessible</tt> flag in a reflected object

  25.  * permits sophisticated applications with sufficient privilege, such

  26.  * as Java Object Serialization or other persistence mechanisms, to

  27.  * manipulate objects in a manner that would normally be prohibited.

  28.  *

  29.  * @see Field

  30.  * @see Method

  31.  * @see Constructor

  32.  * @see ReflectPermission

  33.  *

  34.  * @since 1.2

  35.  */

  36. public class AccessibleObject implements AnnotatedElement {

  37. 

  38.     /**

  39.      * The Permission object that is used to check whether a client

  40.      * has sufficient privilege to defeat Java language access

  41.      * control checks.

  42.      */

  43.     static final private java.security.Permission ACCESS_PERMISSION =

  44. 	new ReflectPermission("suppressAccessChecks");

  45. 

  46.     /**

  47.      * Convenience method to set the <tt>accessible</tt> flag for an

  48.      * array of objects with a single security check (for efficiency).

  49.      *

  50.      * <p>First, if there is a security manager, its

  51.      * <code>checkPermission</code> method is called with a

  52.      * <code>ReflectPermission("suppressAccessChecks")</code> permission.

  53.      *

  54.      * <p>A <code>SecurityException</code> is raised if <code>flag</code> is

  55.      * <code>true</code> but accessibility of any of the elements of the input

  56.      * <code>array</code> may not be changed (for example, if the element

  57.      * object is a {@link Constructor} object for the class {@link

  58.      * java.lang.Class}).  In the event of such a SecurityException, the

  59.      * accessibility of objects is set to <code>flag</code> for array elements

  60.      * upto (and excluding) the element for which the exception occurred; the

  61.      * accessibility of elements beyond (and including) the element for which

  62.      * the exception occurred is unchanged.

  63.      *

  64.      * @param array the array of AccessibleObjects

  65.      * @param flag  the new value for the <tt>accessible</tt> flag

  66.      *              in each object

  67.      * @throws SecurityException if the request is denied.

  68.      * @see SecurityManager#checkPermission

  69.      * @see java.lang.RuntimePermission

  70.      */

  71.     public static void setAccessible(AccessibleObject[] array, boolean flag)

  72. 	throws SecurityException {

  73. 	SecurityManager sm = System.getSecurityManager();

  74. 	if (sm != null) sm.checkPermission(ACCESS_PERMISSION);

  75. 	for (int i = 0; i < array.length; i++) {

  76. 	    setAccessible0(array[i], flag);

  77. 	}

  78.     }

  79. 

  80.     /**

  81.      * Set the <tt>accessible</tt> flag for this object to

  82.      * the indicated boolean value.  A value of <tt>true</tt> indicates that

  83.      * the reflected object should suppress Java language access

  84.      * checking when it is used.  A value of <tt>false</tt> indicates 

  85.      * that the reflected object should enforce Java language access checks.

  86.      *

  87.      * <p>First, if there is a security manager, its

  88.      * <code>checkPermission</code> method is called with a

  89.      * <code>ReflectPermission("suppressAccessChecks")</code> permission.

  90.      * 

  91.      * <p>A <code>SecurityException</code> is raised if <code>flag</code> is

  92.      * <code>true</code> but accessibility of this object may not be changed

  93.      * (for example, if this element object is a {@link Constructor} object for

  94.      * the class {@link java.lang.Class}).

  95.      *

  96.      * <p>A <code>SecurityException</code> is raised if this object is a {@link

  97.      * java.lang.reflect.Constructor} object for the class

  98.      * <code>java.lang.Class</code>, and <code>flag</code> is true.

  99.      *

  100.      * @param flag the new value for the <tt>accessible</tt> flag

  101.      * @throws SecurityException if the request is denied.

  102.      * @see SecurityManager#checkPermission

  103.      * @see java.lang.RuntimePermission

  104.      */

  105.     public void setAccessible(boolean flag) throws SecurityException {

  106. 	SecurityManager sm = System.getSecurityManager();

  107. 	if (sm != null) sm.checkPermission(ACCESS_PERMISSION);

  108. 	setAccessible0(this, flag);

  109.     }

  110. 

  111.     /* Check that you aren't exposing java.lang.Class.<init>. */

  112.     private static void setAccessible0(AccessibleObject obj, boolean flag)

  113. 	throws SecurityException

  114.     {

  115. 	if (obj instanceof Constructor && flag == true) {

  116. 	    Constructor c = (Constructor)obj;

  117. 	    if (c.getDeclaringClass() == Class.class) {

  118. 		throw new SecurityException("Can not make a java.lang.Class" +

  119. 					    " constructor accessible");

  120. 	    }

  121. 	}

  122. 	obj.override = flag;

  123.     }

  124. 

  125.     /**

  126.      * Get the value of the <tt>accessible</tt> flag for this object.

  127.      *

  128.      * @return the value of the object's <tt>accessible</tt> flag

  129.      */

  130.     public boolean isAccessible() {

  131. 	return override;

  132.     }

  133. 

  134.     /**

  135.      * Constructor: only used by the Java Virtual Machine.

  136.      */

  137.     protected AccessibleObject() {}

  138. 

  139.     // Cache for security checks.

  140. 

  141.     // For non-public members or members in package-private classes,

  142.     // it is necessary to perform somewhat expensive security checks.

  143.     // If the security check succeeds for a given class, it will

  144.     // always succeed (it is not affected by the granting or revoking

  145.     // of permissions); we speed up the check in the common case by

  146.     // remembering the last Class for which the check succeeded.  This

  147.     // field is used by Field, Method, and Constructor.

  148.     //

  149.     // NOTE: for security purposes, this field must not be visible

  150.     // outside this package.

  151.     volatile Class securityCheckCache;

  152. 

  153.     // Indicates whether language-level access checks are overridden

  154.     // by this object. Initializes to "false". This field is used by

  155.     // Field, Method, and Constructor.

  156.     //

  157.     // NOTE: for security purposes, this field must not be visible

  158.     // outside this package.

  159.     boolean override;

  160. 

  161.     // Reflection factory used by subclasses for creating field,

  162.     // method, and constructor accessors. Note that this is called

  163.     // very early in the bootstrapping process.

  164.     static final ReflectionFactory reflectionFactory = (ReflectionFactory)

  165.         AccessController.doPrivileged

  166.             (new sun.reflect.ReflectionFactory.GetReflectionFactoryAction());

  167. 

  168.     public <T extends Annotation> T getAnnotation(Class<T> annotationClass) {

  169.         throw new AssertionError("All subclasses should override this method");

  170.     }

  171. 

  172.     public boolean isAnnotationPresent(

  173.         Class<? extends Annotation> annotationClass)

  174.     {

  175.         return getAnnotation(annotationClass) != null;

  176.     }

  177. 

  178.     public Annotation[] getAnnotations() { 

  179.         return getDeclaredAnnotations();

  180.     }

  181. 

  182.     public Annotation[] getDeclaredAnnotations()  {

  183.         throw new AssertionError("All subclasses should override this method");

  184.     }

  185. }