javax.script and access to private methods in a java class is allowed?

Discussion in 'Java' started by handy1820@yahoo.com, Sep 8, 2008.

  1. Guest

    Hi,

    I'm playing around with java scripting (JSR 223) and at the moment
    I've hit upon a strange scenario which I'm not sure is a works as
    intended or is some sort of bug either in the groovy implementation or
    the JSR 223 implementation, or may be dumb user error, so figured I'd
    post.

    I have a class that I expose to a script engine (groovy currently)
    that has a method declared private. Yet I am finding that from the
    script it is able to actually execute the method. So I'm not sure if
    this is a bug or if when accessing a script if the access modifier is
    total somehow disregarded.

    The class that I have is as follows

    public class testfoo2 {
    private String blar;

    public void setBlar(String foo){
    System.out.println("Setting Blar to be =
    "+foo);
    blar = foo;
    }

    public String getBlar(){
    System.out.println("getBlar() called");
    return blar;
    }

    private String getBlar2(){
    System.out.println("getBlar2() called in
    testfoo2");
    return blar;
    }

    }


    The code for evaluating a script that accesses this class is as
    follows;

    ScriptEngineManager factory = new ScriptEngineManager();
    ScriptEngine engine =
    factory.getEngineByName("groovy");

    testfoo2 flobber = new testfoo2();
    engine.put("foo", flobber);
    String script= " foo.setBlar(\"BLAR BLAR BLAR\");
    println(\"Result=\"+foo.getBlar2());";
    engine.eval(script);


    The output that is generated is as follows

    Setting Blar to be = BLAR BLAR BLAR
    getBlar2() called in testfoo2
    Result=BLAR BLAR BLAR
    getBlar() called

    Given that getBlar2() is a private method I would have expected some
    kid of exception to be generated. But no such luck. So can anyone shed
    any light on this? Do objects exposed to scripts loose all of their
    access rights ? If so is there a recommended way around that to hide
    such methods ?

    I've also tried setting foo.blar as well from the script and even that
    works directly ? And finally I did the same using the javascript
    (Rhino) inbuilt engine and still the same. So still not sure how I can
    safe guard a classes internals if basically I can access anything from
    the class.

    Any advice on this ?

    Wayne
     
    , Sep 8, 2008
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    745
    Esmond Pitt
    Mar 27, 2005
  2. Andrew Thompson

    javax.servlet and javax.servlet.http

    Andrew Thompson, Apr 24, 2007, in forum: Java
    Replies:
    1
    Views:
    664
    newbie_at_tomcat
    Apr 25, 2007
  3. Lew
    Replies:
    1
    Views:
    615
    newbie_at_tomcat
    Apr 25, 2007
  4. Kenneth McDonald
    Replies:
    5
    Views:
    319
    Kenneth McDonald
    Sep 26, 2008
  5. Iñaki Baz Castillo
    Replies:
    13
    Views:
    502
    Iñaki Baz Castillo
    May 1, 2011
Loading...

Share This Page