当前位置: 文江博客话题详情

如何防止从特定类调用公共方法

发布于 2024-10-27 17:26:12 字数 534 浏览 1 评论 0原文

我有一个现有的类,我想向其中添加一个方法。但我希望仅从特定类的特定方法调用该方法。有什么方法可以阻止其他类/方法的调用吗?

例如,我有一个现有的类 A

public final class A
{
    //other stuff available for all classes/methods

    //I want to add a method that does its job only if called from a specific method of a class, for example:

    public void method()
    {
        //proceed if called from Class B.anotherMethod() else throw Exception
    }
}

一种方法是获取 method() 内的 StackTrace ,然后确认父方法?

我正在寻找一种更干净、更明智的解决方案,例如模式或其他东西。

原文

I have an existing class into which I want to add a method. But I want the method to be called only from a specific method from a specific class. Is there any way that I can prevent that call from other classes/methods?

For example, I have an existing class A

public final class A
{
    //other stuff available for all classes/methods

    //I want to add a method that does its job only if called from a specific method of a class, for example:

    public void method()
    {
        //proceed if called from Class B.anotherMethod() else throw Exception
    }
}

One way of doing this is getting the StackTrace inside the method() and then confirming the parent method?

What I am looking for is a solution that is more clean and advisable solution like a pattern or something.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(11

音栖息无 2024-11-03 17:26:13

我意识到您的用例声明了“特定 方法 在特定类中”,但我认为您无法在设计时可靠地解决这个问题(而且我想不出无论如何都必须执行此操作的用例)。

以下示例创建了一个简单的设计时解决方案,用于限制对特定类的类方法的访问。但是,它可以轻松扩展到多个允许的类。

它是通过定义一个带有私有构造函数的公共内部类来实现的,该构造函数充当当前方法的关键。在下面的示例中,Bar 类有一个只能从 Foo 类的实例调用的方法。

Class Foo:

public class Foo
{
    public Foo()
    {   
        Bar bar = new Bar();
        bar.method(new FooPrivateKey());
    }

    public class FooPrivateKey
    {
        private FooPrivateKey()
        {   }
    }  
}

Class Bar:

public class Bar
{
    public Bar()
    {

    }

    public void method(FooPrivateKey fooPrivateKey)
    {
        if(fooPrivateKey == null)
        {   throw new IllegalArgumentException("This method should only be called from the Foo class.");}

        //Do originally intended work.
    }
}

我认为这对于反射甚至 FooPrivateKey.class.newInstance() 之类的东西来说无论如何都不安全,但这至少会警告程序员一点比简单的评论或文档更引人注目,而您不必查看更复杂的事情,例如 Roberto 等人的建议TrunfioRonan Quillevere (这也是完全可行的答案,但在我看来,对于大多数情况来说太复杂了)。

我希望这足以满足您的用例。

I realise your use case states 'specific method in specific class', but I don't think you can reliably solve this at design time (and I can't think of a use case where this would have to be enforced anyway).

The following example creates an easy design time solution for restricting the access of a class' method to a particular class. It can, however, be easily extended to multiple allowed classes.

It is achieved by defining a public inner class with a private constructor that acts as a key to the method at hand. In the following example the class Bar has a method that should only be called from an instance of the Foo class.

Class Foo:

public class Foo
{
    public Foo()
    {   
        Bar bar = new Bar();
        bar.method(new FooPrivateKey());
    }

    public class FooPrivateKey
    {
        private FooPrivateKey()
        {   }
    }  
}

Class Bar:

public class Bar
{
    public Bar()
    {

    }

    public void method(FooPrivateKey fooPrivateKey)
    {
        if(fooPrivateKey == null)
        {   throw new IllegalArgumentException("This method should only be called from the Foo class.");}

        //Do originally intended work.
    }
}

I don't think this is by any means safe for things like reflection or even things like FooPrivateKey.class.newInstance(), but this will at least warn the programmer a little more obtrusively than a simple comment or documentation, while you don't have to look in to more complicated things like what was suggested by people like Roberto Trunfio and Ronan Quillevere (which are perfectly viable answers as well, just too complicated for most situations in my opinion).

I hope this is sufficient for your use case.

回复 原文
心的憧憬 2024-11-03 17:26:12

说实话,你已经把自己逼到了墙角了。

如果类 A 和 B 不相关并且不是同一包的成员,那么可见性将无法解决问题。 (即使确实如此,反射也可以用来破坏可见性规则。)

如果代码可以使用反射来调用方法,静态代码分析将无法解决问题。

B.this 作为额外参数传递给 A.method(...) 并没有帮助,因为其他一些类 C 可能会这样做传递一个 B 实例。

这样就只剩下堆栈跟踪方法1...或者放弃并依靠程序员的良好判断力2不调用他们不应该调用的方法。

理想的解决方案是重新审视导致您陷入困境的设计和/或编码决策。

1 - 请参阅其他答案,了解使用注释、安全管理器等向应用程序程序员隐藏堆栈跟踪内容的示例。但请注意,在幕后,您可能会为每个方法调用添加数百甚至数千条指令开销。

2 - 不要低估程序员的良好判断力。大多数程序员在看到不要调用某些方法的建议时,可能会遵循该建议。

To be honest, you have painted yourself into a corner here.

If classes A and B are not related and not members of the same package, then visibility won't solve the problem. (And even if it did, reflection can be used to subvert the visibility rules.)

Static code analysis won't solve the problem if the code can use reflection to call the method.

Passing and checking B.this as an extra parameter to A.method(...) doesn't help because some other class C could pass a B instance.

This leaves only the stacktrace approach1... or giving up and relying on the good sense of the programmer2 not to call methods that they shouldn't.

The ideal solution is to revisit the design and/or coding decisions that got you into this mess.

1 - See other answers for examples that use annotations, a security manager, etc to conceal the stacktrace stuff from the application programmer. But note that under the hood you are adding probably hundreds, possibly thousands of instructions overhead per method call.

2 - Do not underestimate the programmer's good sense. Most programmers, when they see advice not to call some method, are likely to follow that advice.

回复 原文
夏雨凉 2024-11-03 17:26:12

执行此操作的正确方法是使用 SecurityManager。

定义所有想要调用 A.method() 的代码都必须拥有的权限,然后确保只有 BA 拥有该权限权限(这也意味着没有类拥有 AllPermission)。

A 中,您可以使用 System.getSecurityManager().checkPermission(new BMethodPermission()) 进行检查,而在 B 中,您可以调用其中的方法AccessController.doPrivileged(...)

当然,这需要安装安全管理器(并且它使用合适的策略) - 如果没有安装,所有代码都是受信任的,每个人都可以调用所有内容(如果需要,可以使用反射)。

The right way to do this would be a SecurityManager.

Define a permission which all code which wants to call A.method() has to have, and then make sure only B and A have that permission (this also means that no class has AllPermission).

In A, you check this with System.getSecurityManager().checkPermission(new BMethodPermission()), and in B you call the method inside of AccessController.doPrivileged(...).

Of course, this requires that a security manager is installed (and it uses suitable policies) - if it isn't, all code is trusted and everyone can call everything (if necessary, with Reflection).

回复 原文
长梦不多时 2024-11-03 17:26:12

您可以考虑使用接口。如果您传入调用类,您可以确认该类属于适当的类型。

或者,如果您使用 Java,则可以使用“默认”或“包”级别访问(例如 void method() 与 public void method())。这将允许您的方法被包内的任何类调用,并且不需要您将该类传递给该方法。

You might consider using an interface. If you're passing in the calling class, you can confirm that the class is of the appropriate type.

Alternatively, if you're using Java, you can use "default" or "package" level access (e.g. void method() vs. public void method()). This will allow your method to be called by any class inside the package and does not require that you pass the class to the method.

回复 原文
橘味果▽酱 2024-11-03 17:26:12

在运行时进行确认的唯一方法是获取堆栈跟踪。即使它是私有的,您也可以通过反射访问该方法。

更简单的方法是检查 IDE 中的用法。 (前提是它不通过反射调用)

The only way to check for sure at run time is to take a stack trace. Even if its private you can access the method via reflections.

A simpler way to do this would be to check usages in your IDE. (provided its not called via reflections)

回复 原文
北方。的韩爷 2024-11-03 17:26:12

正如其他人提到的,使用堆栈跟踪是实现您正在寻找的功能的一种方法。一般来说,如果需要“阻止”调用者使用 public 方法,这可能是设计不佳的表现。根据经验,请使用尽可能限制范围的访问修饰符。然而,将方法设为包私有或受保护并不总是一种选择。有时,人们可能希望将某些类分组到一个单独的包中。在这种情况下,默认(包私有)访问限制太多,并且子类化通常没有意义,因此 protected 也没有帮助。

如果需要限制对某些类的调用,您可以创建一个如下方法:

public static void checkPermission(Class... expectedCallerClasses) {
    StackTraceElement callerTrace = Thread.currentThread().getStackTrace()[3];
    for (Class expectedClass : expectedCallerClasses) {
        if (callerTrace.getClassName().equals(expectedClass.getName())) {
            return;
        }
    }
    throw new RuntimeException("Bad caller.");
}

使用它非常简单:只需指定哪些类可以调用该方法。例如,

public void stop() {
    checkPermission(ShutdownHandler.class);
    running = false;
}

如果 stop 方法被 ShutdownHandler 之外的类调用,checkPermission 将抛出一个IllegalStateException

您可能想知道为什么 checkPermission 被硬编码为使用堆栈跟踪的第四个元素。这是因为 Thread#getStackTrace() 使最近调用的方法成为第一个元素。因此,

  • getStackTrace()[0] 将是对 getStackTrace 本身的调用。
  • getStackTrace()[1] 将调用 checkPermission
  • getStackTrace()[2] 将调用 stop
  • getStackTrace()[3] 将是调用 stop 的方法。这就是我们感兴趣的。

您提到您希望从特定类方法中调用方法,但checkPermission仅检查类名。添加检查方法名称的功能只需要进行一些修改,因此我将其作为练习。

As others have mentioned, using the stack trace is one way to implement the functionality that you are looking for. Generally, if one needs to "block" callers from a public method, it could be a sign of poor design. As a rule of thumb, use access modifiers that restrict the scope as much as possible. However, making a method package-private or protected is not always an option. Sometimes, one may want to group some classes in a separate package. In that case, the default (package-private) access is too restrictive, and it usually does not make sense to subclass, so protected is not helpful either.

If restricting calling to certain classes is desired, you can create a method like:

public static void checkPermission(Class... expectedCallerClasses) {
    StackTraceElement callerTrace = Thread.currentThread().getStackTrace()[3];
    for (Class expectedClass : expectedCallerClasses) {
        if (callerTrace.getClassName().equals(expectedClass.getName())) {
            return;
        }
    }
    throw new RuntimeException("Bad caller.");
}

Using it is very simple: just specify what class(es) can call the method. For example,

public void stop() {
    checkPermission(ShutdownHandler.class);
    running = false;
}

So, if the stop method gets called by a class other than ShutdownHandler, checkPermission will throw an IllegalStateException.

You may wonder why checkPermission is hard-coded to use the fourth element of the stack trace. This is because Thread#getStackTrace() makes the most recently called method the first element. So,

  • getStackTrace()[0] would be the call to getStackTrace itself.
  • getStackTrace()[1] would be the call to checkPermission.
  • getStackTrace()[2] would be the call to stop.
  • getStackTrace()[3] would be the method that called stop. This is what we are interested in.

You mentioned that you want methods to be called from a specific class and method, but checkPermission only checks for class names. Adding the functionality to check for method names requires only a few modifications, so I'm going to leave that as an exercise.

回复 原文
月依秋水 2024-11-03 17:26:12

正确使用protected

Make proper use of protected

回复 原文
泪冰清 2024-11-03 17:26:12

在java中执行此操作的标准方法是将B类和A类放在同一个包中(可能是当前应用程序的子包)并使用默认可见性。

默认的 java 可见性是“包私有”,这意味着该包中的所有内容都可以看到您的方法,但该包之外的任何内容都无法访问它。

另请参阅:
有没有办法模拟C++ Java中的“朋友”概念?

The standard way to do this in java is to put Class B and Class A in the same package (maybe a subpackage of your current application) and use the default visibility.

The default java visibility is "package-private" which means everything in that package can see your method, but nothing outside that package can access it.

See Also:
Is there a way to simulate the C++ 'friend' concept in Java?

回复 原文
山有枢 2024-11-03 17:26:12

假设您只需将此限制应用于项目中的类,静态分析可能适合您 - 例如 ArchUnit 测试:

package net.openid.conformance.archunit;

import com.google.gson.JsonElement;
import com.tngtech.archunit.base.DescribedPredicate;
import com.tngtech.archunit.core.domain.AccessTarget;
import com.tngtech.archunit.core.domain.JavaClass;
import com.tngtech.archunit.core.domain.JavaClasses;
import com.tngtech.archunit.core.importer.ClassFileImporter;
import com.tngtech.archunit.lang.ArchRule;
import net.openid.conformance.testmodule.OIDFJSON;
import org.junit.Test;

import static com.tngtech.archunit.core.domain.JavaCall.Predicates.target;
import static com.tngtech.archunit.core.domain.JavaClass.Predicates.assignableTo;
import static com.tngtech.archunit.core.domain.properties.HasName.Predicates.*;
import static com.tngtech.archunit.core.domain.properties.HasOwner.Predicates.With.owner;
import static com.tngtech.archunit.lang.conditions.ArchPredicates.are;
import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.noClasses;

public class PreventGetAs {
    @Test
    public void doNotCallJsonElementGetAs() {
        JavaClasses importedClasses = new ClassFileImporter().importPackages("net.openid.conformance");

        JavaClasses allExceptOIDFJSON = importedClasses.that(DescribedPredicate.not(nameContaining("OIDFJSON")));

        ArchRule rule = noClasses().should().callMethodWhere(
            target(nameMatching("getAs[^J].*")) // ignores getAsJsonObject/getAsJsonPrimitive/etc which are fine
                .and(target(owner(assignableTo(JsonElement.class)))
        )).because("the getAs methods perform implicit conversions that might not be desirable - use OIDFJSON wrapper instead");

        rule.check(allExceptOIDFJSON);
    }
}

Assuming that you only need to apply this restriction to classes within your project, static analysis could work for you - for example an ArchUnit test:

package net.openid.conformance.archunit;

import com.google.gson.JsonElement;
import com.tngtech.archunit.base.DescribedPredicate;
import com.tngtech.archunit.core.domain.AccessTarget;
import com.tngtech.archunit.core.domain.JavaClass;
import com.tngtech.archunit.core.domain.JavaClasses;
import com.tngtech.archunit.core.importer.ClassFileImporter;
import com.tngtech.archunit.lang.ArchRule;
import net.openid.conformance.testmodule.OIDFJSON;
import org.junit.Test;

import static com.tngtech.archunit.core.domain.JavaCall.Predicates.target;
import static com.tngtech.archunit.core.domain.JavaClass.Predicates.assignableTo;
import static com.tngtech.archunit.core.domain.properties.HasName.Predicates.*;
import static com.tngtech.archunit.core.domain.properties.HasOwner.Predicates.With.owner;
import static com.tngtech.archunit.lang.conditions.ArchPredicates.are;
import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.noClasses;

public class PreventGetAs {
    @Test
    public void doNotCallJsonElementGetAs() {
        JavaClasses importedClasses = new ClassFileImporter().importPackages("net.openid.conformance");

        JavaClasses allExceptOIDFJSON = importedClasses.that(DescribedPredicate.not(nameContaining("OIDFJSON")));

        ArchRule rule = noClasses().should().callMethodWhere(
            target(nameMatching("getAs[^J].*")) // ignores getAsJsonObject/getAsJsonPrimitive/etc which are fine
                .and(target(owner(assignableTo(JsonElement.class)))
        )).because("the getAs methods perform implicit conversions that might not be desirable - use OIDFJSON wrapper instead");

        rule.check(allExceptOIDFJSON);
    }
}
回复 原文
诗笺 2024-11-03 17:26:12

您可以通过使用注释和反射来做到这一点。我将报告一个类似的情况,即您可以让该方法仅由外部类中的特定方法调用的情况。假设必须通过对其公共方法的任何调用来“保护”的类是 Invoked,而 Invoker 是具有启用方法来调用一个或多个方法的类。来自Invoked的更多方法。然后,您可以执行如下所示的操作。

public class Invoked{

  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  public static @interface CanInvoke{} 


   public void methodToBeInvoked() {
    boolean canExecute=false;
    try {
        //get the caller class
        StackTraceElement element = (new Throwable()).getStackTrace()[1];
        String className = element.getClassName();
        Class<?> callerClass = Class.forName(className);
        //check if caller method is annotated
        for (Method m : callerClass.getDeclaredMethods()) {
            if (m.getName().equals(methodName)) {
                if(Objects.nonNull(m.getAnnotation(EnabledToMakeOperationRemoved.class))){
                    canExecute = true;
                    break;
                }
            }
        }

    } catch (SecurityException | ClassNotFoundException ex e) {
        //In my case does nothing
    }
    if(canExecute){
      //do something
    }
    else{
      //throw exception
    }
   }
}

Invoker 类是

public class Invoker{
   private Invoked i;

   @Invoked.CanInvoke
   public void methodInvoker(){
     i.methodToBeInvoked();
   }

}

注意,启用调用的方法是用 CanInvoke 注解进行注解的。

您所请求的情况与此类似。您注释无法调用公共方法的类/方法,然后仅当该方法/类未注释时才将 canExecute 变量设置为 true

You can do it by using annotations and reflection. I will report a similar case, i.e. the case where you can let the method being called only by specific methods from extenal classes. Suppose that the class that must be "protected" by a whatsoever invocation of the its public methods is Invoked, while Invoker is the class tha has a method enabled to invoke one or more methods from Invoked. Then, you can do something like reported in the following.

public class Invoked{

  @Retention(RetentionPolicy.RUNTIME)
  @Target(ElementType.METHOD)
  public static @interface CanInvoke{} 


   public void methodToBeInvoked() {
    boolean canExecute=false;
    try {
        //get the caller class
        StackTraceElement element = (new Throwable()).getStackTrace()[1];
        String className = element.getClassName();
        Class<?> callerClass = Class.forName(className);
        //check if caller method is annotated
        for (Method m : callerClass.getDeclaredMethods()) {
            if (m.getName().equals(methodName)) {
                if(Objects.nonNull(m.getAnnotation(EnabledToMakeOperationRemoved.class))){
                    canExecute = true;
                    break;
                }
            }
        }

    } catch (SecurityException | ClassNotFoundException ex e) {
        //In my case does nothing
    }
    if(canExecute){
      //do something
    }
    else{
      //throw exception
    }
   }
}

and the Invoker class is

public class Invoker{
   private Invoked i;

   @Invoked.CanInvoke
   public void methodInvoker(){
     i.methodToBeInvoked();
   }

}

Note that the method that is enabled to invoke is annotated with the CanInvoke annotation.

The case that you requested is similar. You annotate the classes/method that cannot call the public method and then you set to true the canExecute variable only if the method/class is not annotated.

回复 原文
深府石板幽径 2024-11-03 17:26:12

您可以使用 Macker 之类的工具并将其添加到您的构建过程中以检查某些规则是否得到遵守,例如

<?xml version="1.0"?>
<macker>    
    <ruleset name="Simple example">
        <access-rule>
            <deny>
                <from class="**Print*" />
                <to class="java.**" />
            </deny>
        </access-rule>
    </ruleset>
</macker>

它将不会阻止您编写错误的代码,但如果您使用 Maven 或其他构建系统,它可能会在构建过程中引发错误。

该工具在“类”级别工作,而不是在“方法”级别工作,但我不认为有必要阻止从某个类仅调用一种方法......

You can use a tool like Macker and add it to your build process to check some rules are respected, like

<?xml version="1.0"?>
<macker>    
    <ruleset name="Simple example">
        <access-rule>
            <deny>
                <from class="**Print*" />
                <to class="java.**" />
            </deny>
        </access-rule>
    </ruleset>
</macker>

It will NOT prevent you from writing wrong code but if you use Maven or another build system it can raise an error during your build process.

This tools work at a "class" level not at a "method" level but I do not see the point of preventing the call of only one method from a certain class ...

回复 原文
~没有更多了~

关于作者

已下线请稍等

暂无简介

0 文章
0 评论
906 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

烙印

文章 0 评论 0

singlesman

文章 0 评论 0

给自己一个微笑

文章 0 评论 0

独孤求败

文章 0 评论 0

晨钟暮鼓

文章 0 评论 0

我是自愿种绣球花的

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文