September 22, 2014
Hot Topics:
RSS RSS feed Download our iPhone app

Java Language Security: Controlling Access to a Class

  • December 8, 2006
  • By Matt Weisfeld
  • Send Email »
  • More Articles »

By adhering to the rules of data hiding, you can prohibit other classes from incorporating your class and directly accessing attributes. However, this level of data protection does pose a significant limitation. For example, assume that you want to use inheritance in your design. Create a class called PlatinumChecking that inherits the CheckingAccount class. In this case, a Platinum account contains all of the advantages of a regular checking account and provides some added benefits to select customers.

class CheckingAccount {
   private String accountNumber;
   private double accountBalance = 1000000.00;
}
// PlatinumChecking
public class PlatinumChecking extends CheckingAccount {

   public void PlatinumChecking() {
      System.out.println("Balance = " + accountBalance);
   }

}
class AccountList {
   public static void main(String args[]) {
      PlatinumChecking myList = new PlatinumChecking();
      System.out.println("Balance = " + myList.accountBalance);
   }
}

Listing 6: Controlled Access Using Inheritance

Now, when you attempt to execute the AccountList application yet again (Listing 6), access to the accountBalance is still prohibited—the private access designation prohibits even a subclass from inspecting it.



Click here for a larger image.

Figure 3: Compiler Controlling Access to a Protected Attribute

You have encountered the two extremes of security in terms of access members of a class. Using the public access modifier basically leaves the class member totally unprotected, whereas the private access modifier explicitly prohibits any other class from accessing the item directly—even a subclass.

There are other access modifiers besides public and private. In the rest of the article, you will explore the subtleties of using the various access modifiers and when to use them in your design.

Access level modifiers

Before you specifically look at other individual access modifiers, it is helpful to look at a table that is provided on the Sun web site. This table indicates the access levels permitted by each of the modifiers.

Access Levels
Modifier Class Package Subclass World
public Y Y Y Y
protected Y Y Y N
no modifier Y Y N N
private Y N N N

Source: http://java.sun.com/docs/books/tutorial/java/javaOO/accesscontrol.html

Table 1: Class Access Levels

As you determined in your code examples, the table confirms that the public access modifier allows unlimited access to the class, the package, and any subclass as well any other class (in this table designation, the world). Likewise, the table indicates that the private modifier prohibits access to any outside classes.

Protected level access modifiers

To solve your problem with your inheritance example, you will have to use the protected access modifier to gain access to the accountBalance attribute.

class CheckingAccount {

   protected String accountNumber;
   protected double accountBalance = 1000000.00;

   public double getAccountBalance() {

      return (accountBalance);

   }

}

class PlatinumChecking extends CheckingAccount {

}

class AccountList {

   public static void main(String args[]) {

      PlatinumChecking myList = new PlatinumChecking();

      System.out.println("Balance = " + myList.getAccountBalance());

   }
}

Listing 7: Protected Access using Inheritance

It is important to note that to gain access to the protected attribute from the AccountList application, you had to provide the getAccountBalance() method in the CheckingAccount class. As can be seen in Table 1, the protected access modifier not only allows access to subclasses, but also to any class in the same package.

// CheckingAccount

package Account;

public class CheckingAccount {

   protected String accountNumber;
   protected double accountBalance = 1000000.00;

   public double getAccountBalance() {

      return (accountBalance);

   }

}

// PlatinumChecking
package Account;

public class PlatinumChecking extends CheckingAccount {

}

// AccountList
package Account;

public class AccountList {

   public static void main(String args[]) {

      PlatinumChecking myList = new PlatinumChecking();

      System.out.println("Balance = " + myList.accountBalance);

   }
}

Listing 8: Protected Access using Packages

The interesting issue with the code in Listing 8 is that the AccountList application has been placed in the Account package:

// AccountList
package Account;

Also, note that you are directly accessing the accountBalance attribute—which should not be allowed.

      System.out.println("Balance = " + myList.accountBalance);

When this code is compiled, it compiles cleanly, confirming that the protected access modifier allows all classes within the package full access.

Figure 4: Protected Access using Packages

Note: You instantiated a PlatinumChecking object in the AccountList application., and not a CheckingAccount object. This is important because using the getAccountBalance() method is what actually requires the protected access modifier.




Page 2 of 3



Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Sitemap | Contact Us

Rocket Fuel