Reputation: 2295
What are the default ReflectPermissions and how to change them?
I'm trying to understand under which conditions calling Method.setAccessible() is permitted. As far as I understand the various bits of documentation, calling setAccessible() triggers a check in the SecurityManager to see if changing access modifiers is permitted.
Given that, I tried to find out what the default setting for this permission is, and where I can change it. In the central java.policy file, no mention of these permissions is made, and I couldn't find any other policy file that takes effect, and I also couldn't find any additional documentation about defaults that the SecurityManager might apply.
The main reason why I'm trying to figure this out is that I'm using reflection to circumvent access modifiers. And I'd like to know what I have to tell clients of my code about how to make this work for them.
Any hints where to look or insights in how this works?
Upvotes: 2
Views: 5063
Answers (1)
Reputation: 4740
It's all about the SecurityManager.
By default, no SecurityManager is installed (this is why all permission checks check for SM availability). This is your default - everything is fine.
Some launcher (like the applet environment) will install a SecurityManager, which in turn uses a policy file based Policy by default. You can change this in the "java.security" file. Other environments (like a servlet container or Java EE container) may install a SecurityManager, too.
After this, java security is in place. By default, your code can no longer call "setAccessible".
To re-enable this, you have to change the policy file (if the default Policy is active, if not -> read the documentation of the environment you are running in). Making accessors accessible is a huge change - so double check if your requirements and the requirements of the runtime environment are still compatible. For example, making this change for plain applets will compromise security severly.
grant {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
will enable the permission.
Upvotes: 4
Related Questions
- Get the current value of `-illegal-access` setting in Java
- What is an illegal reflective access?
- Java Security Manager completely disable reflection
- How to disable reflections for a single JVM instance
- java.lang.SecurityException with reflection
- Why Java reflect can access to private field/method?
- Reflection Security
- Java Reflection permission error
- How to deny reflection using ReflectionPermission
- Java reflection framework and security