SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 144

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2022.2

...

The following table presents a simplified view of the access control rules. An x indicates that the particular access is permitted from within that domain. For example, an x in the class column means that the member is accessible to code present within the same class in which it is declared. Similarly, the package column indicates that the member is accessible from any class (or subclass) defined in the same package, provided that the class (or subclass) is loaded by the class loader that loaded the class containing the member. The same class loader condition applies only to package-private member access.

Access Specifier

Class

Package

Subclass

World

private

x

 

 

 




None

x

x

x*

 


protected

x

x

x**

 


public

x

x

x

x

* Subclasses within the same package can also access members that lack access specifiers (default or package-private visibility). An additional requirement for access is that the subclasses must be loaded by the class loader that loaded the class containing the package-private members. Subclasses in a different package cannot access such package-private members.

...

For any given piece of code, the minimum accessibility for each class and member can be computed so as to avoid introducing compilation errors. A limitation is that the result of this computation may lack any resemblance to what the programmer intended when the code was written. For example, unused members can obviously be declared to be private. However, such members could be unused only because the particular body of code examined coincidentally lacks references to the members. Nevertheless, this computation can provide a useful starting point for a programmer who wishes to minimize the accessibility of classes and their members.

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V

CERT.OBJ51.DPAF
CERT.OBJ51.DPAM
CERT.OBJ51.DPAC
CERT.OBJ51.DPPC
CERT.OBJ51.DPPF
CERT.OBJ51.DPPM

Declare package-private fields as inaccessible as possible
Declare package-private methods as inaccessible as possible
Declare "package-private" types as inaccessible as possible
Declare "public/protected" types as inaccessible as possible
Declare "public/protected" fields as inaccessible as possible
Declare "public/protected" methods as inaccessible as possible

Bibliography

[Bloch 2008]

Item 13, "Minimize the Accessibility of Classes and Members"
Item 16, "Prefer Interfaces to Abstract Classes"

[Campione 1996]

Access Control

[JLS 2014]

§6.6, "Access Control"

[McGraw 1999]

Chapter 3, "Java Language Security Constructs"

...


...