Just curious about how JAXB works. I have a class annotated as follows:

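import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

@XmlRootElement(name = "MyJaxb")
class MyJaxb
{
      // The field is protected, yet JAXB marshals and unmarshals it
      @XmlElement
      protected String str;

      public void setStr(String str)
      {
           this.str = str;
      }
}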

The access modifier of the field str is protected, so why can JAXB still marshal and unmarshal it?

+6  A: 

It uses reflection. A protected or private field or method can be accessed using the reflection API (using setAccessible(true) on the appropriate Field or Method object).

Remember - public, protected and private are controls on default visibility, nothing more. They do not (and cannot) prevent access using reflection.

skaffman
Thanks, but just curious why Java provides an interface like reflection to change the modifiers (setAccessible(true)). What is the point? I mean, it breaks the idea of access control.
Guoqin
@Guoqin if you really want, you can force your way through access control using reflection, but then you know that you're deliberately breaking it. Access control keywords are meant to express the intent of the programmer, they are not meant as a security tool. If a programmer makes a field `private`, (s)he's saying "you're not supposed to mess with this field yourself" - if you force it, the behaviour of the program cannot be guaranteed.
Jesper
@Jesper is right; however, the ability to modify private/protected fields can be blocked at the level of the Java security manager (if someone is paranoid enough to do it)
Piotr Kochański
A: 

Beyond the answer that reflection can bypass checks (which is correct), this is also something that other JDK internal parts need, specifically default Object serialization and deserialization. In general this is allowed because many tools benefit from such access. And like others have correctly pointed out, access rights are not meant as real security barriers. They are there to help programmers design abstractions properly and make it easier to come up with good designs.

StaxMan
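Added example, not part of the original answers and not JAXB's own code: a minimal field binder showing the mechanism both answers describe, where a tool in another class writes and reads non-public fields through `setAccessible(true)`. The names `Bound`, `Payload` and `FieldBinderDemo` are hypothetical; `Bound` stands in for `@XmlElement` so the file compiles without the JAXB dependency.

```java
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.reflect.Field;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical marker annotation standing in for @XmlElement.
@Retention(RetentionPolicy.RUNTIME)
@interface Bound {}

// Hypothetical bean: no getters, and neither bound field is public.
class Payload {
    @Bound protected String str;
    @Bound private int count;
    private String ignored = "not annotated";
}

public class FieldBinderDemo {
    // "Unmarshal": write values straight into the annotated fields.
    static void bind(Object target, Map<String, Object> values) throws IllegalAccessException {
        for (Field f : target.getClass().getDeclaredFields()) {
            if (!f.isAnnotationPresent(Bound.class) || !values.containsKey(f.getName())) continue;
            // Without this call, f.set on the private field throws IllegalAccessException.
            f.setAccessible(true);
            f.set(target, values.get(f.getName()));
        }
    }

    // "Marshal": read the annotated fields back out.
    static Map<String, Object> dump(Object target) throws IllegalAccessException {
        Map<String, Object> out = new LinkedHashMap<>();
        for (Field f : target.getClass().getDeclaredFields()) {
            if (!f.isAnnotationPresent(Bound.class)) continue;
            f.setAccessible(true);
            out.put(f.getName(), f.get(target));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Payload p = new Payload();
        // Constructed sample input; "ignored" is skipped because the field is not annotated.
        bind(p, Map.of("str", "hello", "count", 3, "ignored", "x"));
        System.out.println(dump(p));
    }
}
```

On Java 9 and later, the same `setAccessible(true)` call throws `InaccessibleObjectException` when the target class lives in a named module that does not open its package to the caller, so a modular application can keep binders like this away from its internals.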