Results 1 to 7 of 7
  1. #1
    ilya is offline Member
    Join Date
    Apr 2011
    Posts
    2
    Rep Power
    0

    Default package-private members

    It seems that you can access package-private members from outside a third-party package, by adding your own class to the package which would access the package-visible members of other classes and expose them via its own public emthods. E.g. you could define your own class to be in package java.util, which could then access package-private members of java.util classes and expose them. Is that accurate? Are there no restrictions on defining your own classes to be in third-party packages?

  2. #2
    pbrockway2 is offline Moderator
    Join Date
    Feb 2009
    Location
    New Zealand
    Posts
    4,565
    Rep Power
    12

    Default

    E.g. you could define your own class to be in package java.util, which could then access package-private members of java.util classes and expose them. Is that accurate?

    Unless I'm missing something that sounds reasonable to me. After all that is exactly what the third party developers do all the time: add things to the package.

    Have you searched java.util for a package private member and added your own class?

  3. #3
    ilya is offline Member
    Join Date
    Apr 2011
    Posts
    2
    Rep Power
    0

    Default

    > what the third party developers do all the time: add things to the package.

    I meant, what if _you_ add a class to _their_ package?
    E.g. I had thought that if I create a package, say org.ilya, and have some
    package-private members, then they cannot be read or written by anyone's code without going through my code.

    But it seems that anyone can "parachute" their class into my package, and access package-private members that way. People normally don't do that of course; you don't normally write classes to be "parachuted into" java.util .
    But it seems that this makes the package-private abstraction barrier optional rather than mandatory: anything exposed to the package can be read/written by any other program part directly. (In contrast to class-private members).

    Is that correct?

  4. #4
    pbrockway2 is offline Moderator
    Join Date
    Feb 2009
    Location
    New Zealand
    Posts
    4,565
    Rep Power
    12

    Default

    I meant, what if _you_ add a class to _their_ package?

    Yes, I understood that. But I simply could not see how the javac executable was supposed to figure out whether or not I who had typed the command to compile was employed by Company X who wrote the library.

    I am not sure what you mean by "going through" code. If there is a package private member in org.ilya then any class added to the package (by you, by me, by anyone who can invoke the javac executable) can - by design - access the member.

    Personally I wonder whether "package-private abstraction" is any sort of barrier at all.

    -------------------

    So, have you ripped open src.jar and found a suitable test in one of the classes of java.util?

  5. #5
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,361
    Blog Entries
    7
    Rep Power
    20

    Default

    Quote Originally Posted by pbrockway2 View Post
    Personally I wonder whether "package-private abstraction" is any sort of barrier at all.
    If you seal the jar where the entire package is stored, you can't add new classes to the package (without performing surgery on the original jar file).

    kind regards,

    Jos
    cenosillicaphobia: the fear for an empty beer glass

  6. #6
    masijade is offline Senior Member
    Join Date
    Jun 2008
    Posts
    2,571
    Rep Power
    9

    Default

    Quote Originally Posted by JosAH View Post
    If you seal the jar where the entire package is stored, you can't add new classes to the package (without performing surgery on the original jar file).

    kind regards,

    Jos
    Just what I was going to mention. If you want an example of that (OP), to see what it looks like, look at some of the jars in the JRE.

  7. #7
    dlorde is offline Senior Member
    Join Date
    Jun 2008
    Posts
    339
    Rep Power
    7

    Default

    The Java access specifiers are intended as design/architectural features, not security features, assuming that was the thrust of the OP.

Similar Threads

  1. Default / package-private access
    By genkuro in forum New To Java
    Replies: 1
    Last Post: 12-30-2010, 06:08 AM
  2. Replies: 7
    Last Post: 06-28-2010, 07:52 AM
  3. run package inside anthor package
    By AhmedAdel in forum AWT / Swing
    Replies: 4
    Last Post: 04-20-2010, 11:52 AM
  4. private data members?
    By blueduiker in forum New To Java
    Replies: 10
    Last Post: 01-19-2010, 11:13 AM
  5. Replies: 7
    Last Post: 11-09-2009, 07:51 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •