H
handy1820
Hi,
I'm playing around with java scripting (JSR 223) and at the moment
I've hit upon a strange scenario which I'm not sure is a works as
intended or is some sort of bug either in the groovy implementation or
the JSR 223 implementation, or may be dumb user error, so figured I'd
post.
I have a class that I expose to a script engine (groovy currently)
that has a method declared private. Yet I am finding that from the
script it is able to actually execute the method. So I'm not sure if
this is a bug or if when accessing a script if the access modifier is
total somehow disregarded.
The class that I have is as follows
public class testfoo2 {
private String blar;
public void setBlar(String foo){
System.out.println("Setting Blar to be =
"+foo);
blar = foo;
}
public String getBlar(){
System.out.println("getBlar() called");
return blar;
}
private String getBlar2(){
System.out.println("getBlar2() called in
testfoo2");
return blar;
}
}
The code for evaluating a script that accesses this class is as
follows;
ScriptEngineManager factory = new ScriptEngineManager();
ScriptEngine engine =
factory.getEngineByName("groovy");
testfoo2 flobber = new testfoo2();
engine.put("foo", flobber);
String script= " foo.setBlar(\"BLAR BLAR BLAR\");
println(\"Result=\"+foo.getBlar2());";
engine.eval(script);
The output that is generated is as follows
Setting Blar to be = BLAR BLAR BLAR
getBlar2() called in testfoo2
Result=BLAR BLAR BLAR
getBlar() called
Given that getBlar2() is a private method I would have expected some
kid of exception to be generated. But no such luck. So can anyone shed
any light on this? Do objects exposed to scripts loose all of their
access rights ? If so is there a recommended way around that to hide
such methods ?
I've also tried setting foo.blar as well from the script and even that
works directly ? And finally I did the same using the javascript
(Rhino) inbuilt engine and still the same. So still not sure how I can
safe guard a classes internals if basically I can access anything from
the class.
Any advice on this ?
Wayne
I'm playing around with java scripting (JSR 223) and at the moment
I've hit upon a strange scenario which I'm not sure is a works as
intended or is some sort of bug either in the groovy implementation or
the JSR 223 implementation, or may be dumb user error, so figured I'd
post.
I have a class that I expose to a script engine (groovy currently)
that has a method declared private. Yet I am finding that from the
script it is able to actually execute the method. So I'm not sure if
this is a bug or if when accessing a script if the access modifier is
total somehow disregarded.
The class that I have is as follows
public class testfoo2 {
private String blar;
public void setBlar(String foo){
System.out.println("Setting Blar to be =
"+foo);
blar = foo;
}
public String getBlar(){
System.out.println("getBlar() called");
return blar;
}
private String getBlar2(){
System.out.println("getBlar2() called in
testfoo2");
return blar;
}
}
The code for evaluating a script that accesses this class is as
follows;
ScriptEngineManager factory = new ScriptEngineManager();
ScriptEngine engine =
factory.getEngineByName("groovy");
testfoo2 flobber = new testfoo2();
engine.put("foo", flobber);
String script= " foo.setBlar(\"BLAR BLAR BLAR\");
println(\"Result=\"+foo.getBlar2());";
engine.eval(script);
The output that is generated is as follows
Setting Blar to be = BLAR BLAR BLAR
getBlar2() called in testfoo2
Result=BLAR BLAR BLAR
getBlar() called
Given that getBlar2() is a private method I would have expected some
kid of exception to be generated. But no such luck. So can anyone shed
any light on this? Do objects exposed to scripts loose all of their
access rights ? If so is there a recommended way around that to hide
such methods ?
I've also tried setting foo.blar as well from the script and even that
works directly ? And finally I did the same using the javascript
(Rhino) inbuilt engine and still the same. So still not sure how I can
safe guard a classes internals if basically I can access anything from
the class.
Any advice on this ?
Wayne