This will be demonstrated through DEFENDING Singleton pattern against reflection even singleton class have private constructor.
First we have to set some VM args to define, policy file path and enable security manager.These are as below:
First we have to set some VM args to define, policy file path and enable security manager.These are as below:
- -Djava.security.manager
- -Djava.security.policy=<file path>/.java.policy
/******* Singleton Class *******/
package com;
import java.lang.reflect.Constructor;
public class SingletonClass {
private static SingletonClass singletonObject;
static {
}
/** A private Constructor prevents any other class from instantiating. */
private SingletonClass() {
// Optional Code
}
public static synchronized SingletonClass getSingletonObject() {
if (singletonObject == null) {
singletonObject = new SingletonClass();
}
return singletonObject;
}
public static void main(String args[]) {
try {
Constructor constructor = SingletonClass.class
.getDeclaredConstructor();
constructor.setAccessible(true);
SingletonClass myObject = (SingletonClass) constructor
.newInstance();
SingletonClass myObject2 = SingletonClass.getSingletonObject();
System.out.println(myObject.equals(myObject2));
} catch (Exception e) {
e.printStackTrace();
}
}
public Object clone() throws CloneNotSupportedException {
throw new CloneNotSupportedException();
}
}
/********* Other class trying to create object of above singleton class through refelection **********/
public class CreateObject {
public static void main(String args[]) {
try {
Constructor constructor = SubClass.class
.getDeclaredConstructor(Integer.class);
constructor.setAccessible(true);
SubClass myObject = (SubClass) constructor.newInstance(1);
SingletonClass myObject2 = SingletonClass.getSingletonObject();
System.out.println(myObject.equals(myObject2));
} catch (Exception e) {
e.printStackTrace();
}
}
}
/******************* Policy file named as .java.policy ***************/
grant codeBase "file:com/SingletonClass" {
permission java.lang.reflect.ReflectPermission "com.SingletonClass";
};
Note: In this policy file we are setting that SingletonClass is only class which can create its object through reflection, NO One else.
/********************* Output when ran CreateObject ***************/
java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.reflect.AccessibleObject.setAccessible(Unknown Source)
at com.Verma.main(CreateObject.java:<line num>)
No comments:
Post a Comment