Thank you for the information. I was not aware that the
new security model allowed this kind of action.
Todd Greanier wrote:
>
> You certainly can. By specifying this permission in your policy file as
> such:
>
> grant {
> permission java.reflect.ReflectPermission suppressAccessChecks";
> };
>
> and then doing the following in some code:
>
> ...
>
> Class clazz = Class.forName("Foo");
> Field f = clazz.getField("id");
> Foo foo = (Foo)clazz.newInstance();
> f.set(foo, "Changed");
> ...
>
> The field "id" would have the new value. Works for methods too.
>
> The reason, if you care, is because there are certain things the VM needs to
> do that involve calling private members. Most notably, the private
> readObject and writeObject methods that a class can provide have to be
> accessible to the VM. Now, of course, ANYONE could access fields/methods if
> granted access.
>
> Obviously, this is not a good thing to allow anyone as the policy file above
> does...
--
Michael S. Jenkins | Abstract Data Types in Java
Jenkins Consulting Services, Inc | Michael S Jenkins / McGraw Hill
[EMAIL PROTECTED] | ISBN 0-07-913270-7
[EMAIL PROTECTED] | Get the book through my web site
http://www.wwa.com/~mjenkins <<<<-- in association with Amazon.com
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
