假设我创建了一个名为 Foo 的 Java 库,并且在该库中有一个名为 Bar 的类。让我们进一步假设在 Bar 类中我有一个私有(private)方法,称为 fooBar。
public class Bar {
//...
private Object fooBar() {
//Do something
}
//...
}
使用类中编写的代码可以毫无困难地运行此方法,如下所示:
public static Object runMethod(Object object, String methodName) {
Method method = object.getClass().getDeclaredMethod(methodName);
method.setAccessible(true);
return method.invoke(object);
}
但是,让我们假设我们打算阻止 fooBar 的这种习惯。我们怎么能做那样的事情呢?我们是否应该从某个地方获取堆栈跟踪并检查调用它的位置?还是我们应该做点别的?
最佳答案
你需要一个安全管理器......
https://docs.oracle.com/javase/tutorial/essential/environment/security.html
A security manager is an object that defines a security policy for an application. This policy specifies actions that are unsafe or sensitive. Any actions not allowed by the security policy cause a SecurityException to be thrown. An application can also query its security manager to discover which actions are allowed.
它支持禁止 setAccessible() 通过反射调用私有(private)和 protected 方法。
关于Java 防止在类外调用私有(private)或 protected 方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30669382/