用其他方式破解单身人士 [英] cracking singleton with other ways

问题描述

我正在研究单身人士，我开发了一个非常基本的单例类..

I was doing research on singleton and I have developed a very basic singleton class..

public class SingletonObject {
    private static SingletonObject ref;
    private SingletonObject () //private constructor
    { }

    public  static synchronized   SingletonObject getSingletonObject()
    {
        if (ref == null)
            ref = new SingletonObject();
                return ref;
        }


    public Object clone() throws CloneNotSupportedException
    {throw new CloneNotSupportedException ();
    }   
}

现在，下面是我破解的一种方式singleton ..

Now below is the one way which I have cracked the singleton..

public class CrackingSingleton {

     public static void main(String[] args) throws ClassNotFoundException,
       IllegalArgumentException, SecurityException,
       InstantiationException, IllegalAccessException,
       InvocationTargetException {

        //First statement retrieves the Constructor object for private constructor of SimpleSingleton class.
        Constructor pvtConstructor = Class.forName("CrackingSingleton.SingletonObject").getDeclaredConstructors()[0];
        //Since the constructor retrieved is a private one, we need to set its accessibility to true.
        pvtConstructor.setAccessible(true);
        //Last statement invokes the private constructor and create a new instance of SimpleSingleton class.
         SingletonObject  notSingleton1 = ( SingletonObject) pvtConstructor.newInstance(null);
         System.out.println(notSingleton1.hashCode());
         System.out.println("notSingleton1 --->"+notSingleton1.toString());
         SingletonObject  notSingleton2 = ( SingletonObject) pvtConstructor.newInstance(null);
         System.out.println("notSingleton2 --->"+notSingleton2.hashCode());
         System.out.println(notSingleton2.toString());
    }
}

请告知单身人士的其他方式破解.. !!

Please advise other ways also by which the singleton can be cracked..!!

推荐答案

我能想到的三种方式是：

Three ways I can think of are:

如果您的单例类是可序列化的，那么您可以序列化它的一个实例，然后反序列化它并获取该类的第二个对象。

If your singleton class is serializable, then you could serialize an instance of it, and deserialize it back and get a second object of that class.

你可以通过实现 readResolve 方法。

public class Singleton implements Serializable {
   private static final Singleton INSTANCE = new Singleton();

   public static Singleton getInstance(){
       return INSTANCE;
   }

   public Object readResolve() throws ObjectStreamException {
        return INSTANCE; //ensure singleton is returned upon deserialization.
   }
}

等级加载

同一个类可以由两个不同的类加载器加载，因此，你可以通过简单地调用它的 getInstance 方法来创建你的单例类的两个实例。由两个不同的类加载器加载的类。这种方法可以工作，而不必诉诸于违反私有构造函数。

Class Loading

The same class could be loaded by two different class loaders, as such, you could create two instances of your singleton class by simply invoking its getInstance method in a class loaded by two different class loaders. This approach would work without having to resort to violating the private constructor.

ClassLoader cl1 = new URLClassLoader(new URL[]{"singleton.jar"}, null);
ClassLoader cl2 = new URLClassLoader(new URL[]{"singleton.jar"}, null);
Class<?> singClass1 = cl1.loadClass("hacking.Singleton");
Class<?> singClass2 = cl2.loadClass("hacking.Singleton");
//...
Method getInstance1 = singClass1.getDeclaredMethod("getInstance", ...);
Method getInstance2 = singClass2.getDeclaredMethod("getInstance", ...);
//...
Object singleton1 = getInstance1.invoke(null);
Object singleton2 = getInstance2.invoke(null);

反思

因为你有很好的指向out，通过反射你可以创建该类的两个实例。我认为前面的例子只是同一种方法的一种变体。但我相信你可以使用 SecurityManager 阻止这两者发生。

System.setSecurityManager(new SecurityManager());

这篇关于用其他方式破解单身人士的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！