开发者

Making a String really immutable

开发者 https://www.devze.com 2023-03-21 15:36 出处:网络
I\'ve got a question but to get an answer the following fact has first to be accepted: in some cases, Java Strings can be modified.

I've got a question but to get an answer the following fact has first to be accepted: in some cases, Java Strings can be modified.

This has been demonstrated in the Artima article titled: "hi there".equals("cheers !") == true

Link: http://www.artima.com/weblogs/viewpost.jsp?thread=4864

It still works nicely in Java 1.6 and it surely goes somehow against the popular belief that consists in repeating "Java Strings are always immutable".

So my question is simple: can String always be modified like this and are there any JVM se开发者_高级运维curity settings that can be turned on to prevent this?


You need to add a SecurityManager. This site has an example and explanation:

Run with:

java -Djava.security.manager UseReflection

And the code:

import java.lang.reflect.Field;
import java.security.Permission;

public class UseReflection {
    static{
        try {
            System.setSecurityManager(new MySecurityManager());
        } catch (SecurityException se) {
            System.out.println("SecurityManager already set!");
        }

    }
    public static void main(String args[]) {
        Object prey = new Prey();
        try {
            Field pf = prey.getClass().getDeclaredField("privateString");
            pf.setAccessible(true);
            pf.set(prey, "Aminur test");
            System.out.println(pf.get(prey));
        } catch (Exception e) {
            System.err.println("Caught exception " + e.toString());
        }

    }
}

class Prey {
    private String privateString = "privateValue";
}

class MySecurityManager extends SecurityManager {
     public void checkPermission(Permission perm) {
         if(perm.getName().equals("suppressAccessChecks")){
             throw new SecurityException("Can not change the permission dude.!");
         }

     }
}


All reflection operations are subject to checks by the SecurityManager you installed.

And if you're worrying about malicious code, you must have a SecurityManager anyway. If not, then I wouldn't bother. If people want to shoot themselves in the foot so desperately, they should be allowed to.

0

精彩评论

暂无评论...
验证码 换一张
取 消