2

Class.java How Java restrict reflection access to the field private final ClassLoader classLoader in Class.java? (As shown in documentation in screenshot)

I have found a link which describes that a SecurityManager can be used to restrict reflection access but how can I use that. Please explain in detail.

And after that I want to restrict access only to a particular field.

Found similar question but want to know how can I implement this in my class and as already asked in the question why this is implemented in jdk? Can I also break this chain using reflection?

Community
  • 1
  • 1
ankur_rajput
  • 145
  • 2
  • 11
  • [Here](http://stackoverflow.com/questions/14903318/hiding-my-security-key-from-java-reflection?answertab=votes#tab-top) is the answer to your question. – Pavlo Viazovskyy Apr 18 '17 at 18:55
  • Why do you want to use this private field? I am certain, that your problem can get solved, but not by accessing this field which is protected by the JVM. @Pavlo: It seems that some fields cannot be made accessible, since they aren't even findable. – CoronA Apr 21 '17 at 14:07

1 Answers1

3

It's protected by the JVM by special mechanisms not available to you. Even if you have all the permissions, you can't access it through reflection although normally private fields could be made accessible.

For us mortals, the best we can do is use a SecurityManager that prevents reflection access, and more importantly design our software so it doesn't rely on Java to keep things secret.

To answer your edit, since I was apparently unclear(?)

"how can I implement this in my class?" You can't.

"why this is implemented in jdk?" So you can't use reflection to bypass it.

"Can I also break this chain using reflection?" No, that's the whole point.

Kayaman
  • 72,141
  • 5
  • 83
  • 121