...
This noncompliant code example concerns a class that is internal to a system and not part of any public API. Nonetheless, the class Point is declared public. Even though this example complies with OBJ01-J. Declare data members as private and provide accessible wrapper methods, untrusted code could instantiate Point and invoke the public getPoint() to obtain the coordinates.
| Code Block | ||
|---|---|---|
| ||
public final class Point {
private final int x;
private final int y;
public Point(int x, int y) {
this.x = x;
this.y = y;
}
public void getPoint() {
System.out.println("(" + x + "," + y + ")");
}
}
|
Even though this example complies with OBJ01-J. Declare data members as private and provide accessible wrapper methods, untrusted code could instantiate Point and invoke the public getPoint() to obtain the coordinates.
Compliant Solution (Final Classes with Public Methods)
...
This noncompliant code example again concerns a class that is internal to a system and not part of any public API. Nonetheless, the class Point is declared public. Even though this example complies with OBJ01-J. Declare data members as private and provide accessible wrapper methods, untrusted code could instantiate Point and invoke the public getPoint() to obtain the coordinates.This example shows a public Point class that attempts to implement instance control using a private constructor. However, untrusted
| Code Block |
|---|
...
| Code Block | ||
|---|---|---|
| ||
public final class Point {
private static final int x = 1;
private static final int y = 2;
private Point(int x, int y) {}
public static void getPoint() {
System.out.println("(" + x + "," + y + ")");
}
}
|
Even though this example complies with OBJ01-J. Declare data members as private and provide accessible wrapper methods, untrusted code could access Point and invoke the public static getPoint() to obtain the default coordinates.The attempt to implement instance control using a private constructor is futile because the public static method exposes internal class contents.
Compliant Solution (Package-Private Class)
This compliant solution reduces the accessibility of the class to package-private. As a consequence, access to the getPoint() method is restricted to classes located within the same package. Untrusted code is prevented from invoking getPoint() and obtaining the coordinates.
| Code Block | ||
|---|---|---|
| ||
final class Point {
private static final int x = 1;
private static final int y = 2;
private Point(int x, int y) {}
public static void getPoint() {
System.out.println("(" + x + "," + y + ")");
}
}
|
Consequently, access to the getPoint() method is restricted to classes located within the same package. Untrusted code is prevented from invoking getPoint() and obtaining the coordinates.
Applicability
Granting unnecessary access breaks encapsulation and weakens the security of Java applications.
A system with an API designed to be used for use (and possibly extended) by third-party code must have classes and methods sufficiently public to provide that APIexpose the API through a public interface. The demands of such an API override this ruleguideline.
For any given body piece of code, we can compute the minimum accessibility for each class and member that avoids introducing new can be computed so as to avoid introducing compilation errors. The A limitation is that the result of this computation may lack any resemblance to what the designer programmer intended when the code was written. For example, unused members can obviously be declared to be private. However, such members could be unused only because the particular body of code examined coincidentally lacks references to the members. Nevertheless, this computation can provide a useful starting point for a programmer who wishes to minimize the accessibility of classes and their members.
...