SecurityManager
有一个checkMemberAccess这个方法可以阻止利用反射;
如:
SecurityManager sm = new SecurityManager(); sm.checkMemberAccess(Test.class, Member.PUBLIC);
前面一个为CLASS,后面需要填一个INT值,Member.PUBLIC 代表可以访问,
如果是PUBLIC,反射可以执行,DECLARED,反射运行时,会报错。
SecurityManager另外一个例子:
package com.jd.basic.pk.manager; import java.lang.reflect.Field; import java.security.Permission; public class UseReflection { static { try { System.setSecurityManager(new MySecurityManager()); } catch (SecurityException se) { System.out.println("SecurityManager already set!"); } } public static void main(String args[]) { Object prey = new Prey(); try { Field pf = prey.getClass().getDeclaredField("privateString"); pf.setAccessible(true); pf.set(prey, "Aminur test"); System.out.println(pf.get(prey)); } catch (Exception e) { System.err.println("Caught exception " + e.toString()); } } } class Prey { @SuppressWarnings("unused") private String privateString = "privateValue"; } class MySecurityManager extends SecurityManager { public void checkPermission(Permission perm) { if (perm.getName().equals("suppressAccessChecks")) { throw new SecurityException("Can not change the permission dude.!"); } } }
参考:http://bbs.csdn.net/topics/390472034