Java Security Manager完全禁用反射 [英] Java Security Manager completely disable reflection

问题描述

我已经在Stackoverflow上阅读了很多有关此问题的问题，但无法退出找到解决方案或答案.如果已经有一个，请给我一个提示，我将不胜感激...

I've been reading quite a lot of questions on Stackoverflow about this question but couldn't quit find a solution or answer for my problem. If there is already one I would be grateful if somebody would give a hint ...

我的问题/问题是，是否有可能针对不可靠的代码完全禁用反射功能?类似于getDeclaredMethods()的功能(请参见test.java).我已经有一个Java安全管理器，如果代码尝试写/读/等，它会引发安全异常. ...

My problem/question is if it is possible to completely disable reflection for not trustworthy code? Functions like getDeclaredMethods()(See test.java). I've already got a Java Security Manager which throws Security Exceptions if the code tries to write/read/etc. ...

如果可能的话，有人可以告诉我如何做吗?

If it is possible, can somebody show me how?

布鲁诺

test.java

TestClass cls = new TestClass();
Class c = cls.getClass();

// returns the array of Method objects 
Method[] m = c.getDeclaredMethods();
for(int i = 0; i < m.length; i++) {
   System.out.println("method = " + m[i].toString());
}

推荐答案

所以我不直接使用checkPermission()解决了这个问题.我的解决方法是检查是否访问了java.lang.reflect包.

So I solved the problem not directly with checkPermission(). My workaround is to check if the java.lang.reflect package is accessed.

@Override
public void checkPackageAccess(String pkg){

    // don't allow the use of the reflection package
    if(pkg.equals("java.lang.reflect")){
        throw new SecurityException("Reflection is not allowed!");
    }
}

这篇关于Java Security Manager完全禁用反射的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！