I have a class Formula
, located in package javaapplication4
, which I load with a URLClassLoader. However, when I call it from another class Test1
, located in the same package, I can't access its methods that have a default access modifier (I can access public methods).
I get the following exception:
java.lang.IllegalAccessException: Class javaapplication4.Test1 can not access a member of class javaapplication4.Formula with modifiers ""
How can I access package-private methods of a class loaded at runtime from the same package?
I suppose it is a problem with using a different class loader, but not sure why (I have set the parent of the URLClassLoader).
SSCCE reproducing the issue (Windows paths) - I suppose the issue is in the loadClass
method:
public class Test1 {
private static final Path TEMP_PATH = Paths.get("C:/temp/");
public static void main(String[] args) throws Exception {
String thisPackage = Test1.class.getPackage().getName();
String className = thisPackage + ".Formula"; //javaapplication4.Formula
String body = "package " + thisPackage + "; "
+ "public class Formula { "
+ " double calculateFails() { "
+ " return 123; "
+ " } "
+ " public double calculate() {"
+ " return 123; "
+ " } "
+ "} ";
compile(className, body, TEMP_PATH);
Class<?> formulaClass = loadClass(className, TEMP_PATH);
Method calculate = formulaClass.getDeclaredMethod("calculate");
double value = (double) calculate.invoke(formulaClass.newInstance());
//next line prints 123
System.out.println("value = " + value);
Method calculateFails = formulaClass.getDeclaredMethod("calculateFails");
//next line throws exception:
double valueFails = (double) calculateFails.invoke(formulaClass.newInstance());
System.out.println("valueFails = " + valueFails);
}
private static Class<?> loadClass(String className, Path path) throws Exception {
URLClassLoader loader = new URLClassLoader(new URL[]{path.toUri().toURL()}, Test1.class.getClassLoader());
return loader.loadClass(className);
}
private static void compile(String className, String body, Path path) throws Exception {
List<JavaSourceFromString> sourceCode = Arrays.asList(new JavaSourceFromString(className, body));
JavaCompiler compiler = ToolProvider.getSystemJavaCompiler();
StandardJavaFileManager fileManager = compiler.getStandardFileManager(null, null, null);
fileManager.setLocation(StandardLocation.CLASS_OUTPUT, Arrays.asList(path.toFile()));
boolean ok = compiler.getTask(null, fileManager, null, null, null, sourceCode).call();
System.out.println("compilation ok = " + ok);
}
public static class JavaSourceFromString extends SimpleJavaFileObject {
final String code;
JavaSourceFromString(String name, String code) {
super(URI.create("string:///" + name.replace('.', '/') + JavaFileObject.Kind.SOURCE.extension),
JavaFileObject.Kind.SOURCE);
this.code = code;
}
@Override
public CharSequence getCharContent(boolean ignoreEncodingErrors) {
return code;
}
}
}
The private modifier specifies that the member can only be accessed in its own class. The protected modifier specifies that the member can only be accessed within its own package (as with package-private) and, in addition, by a subclass of its class in another package.
public : accessible from everywhere. protected : accessible by the classes of the same package and the subclasses residing in any package. default (no modifier specified): accessible by the classes of the same package. private : accessible within the same class only.
The protected access modifier is accessible within package and outside the package but through inheritance only. The protected access modifier can be applied on the data member, method and constructor. It can't be applied on the class. It provides more accessibility than the default modifer.
When we don't use any keyword explicitly, Java will set a default access to a given class, method or property. The default access modifier is also called package-private, which means that all members are visible within the same package but aren't accessible from other packages: package com.
A class at runtime is identified by both its fully qualified name and its ClassLoader.
For example, when you test two Class<T>
objects for equality, if they have the same canonical name but were loaded from different ClassLoaders, they won't be equal.
For two classes to belong to the same package (and in turn being able to access package-private methods), they need to be loaded from the same ClassLoader too, which is not the case here. In fact Test1
is loaded by the system classloader, while the Formula is loaded by the URLClassLoader created inside loadClass()
.
If you specify a parent loader for your URLClassLoader in order to make it load Test1
, still two different loaders are used (you can check it by asserting loaders equality).
I don't think you can make the Formula
class loaded by the same Test1
ClassLoader (you'd have to use a well-known path and put it on the CLASSPATH), but I found a way to do the opposite: loading another instance of Test1
in the ClassLoader used for loading the formula. This is the layout in pseudocode:
class Test1 {
public static void main(String... args) {
loadClass(formula);
}
static void loadClass(location) {
ClassLoader loader = new ClassLoader();
Class formula = loader.load(location);
Class test1 = loader.load(Test1);
// ...
Method compute = test1.getMethod("compute");
compute.invoke(test1, formula);
}
static void compute(formula) {
print formula;
}
}
Here is the pastebin. A couple of notes: I specifed a null
parent for the URLClassLoader to avoid the issue listed above, and I manipulated strings to achieve the purpose - but don't know how robust this approach can be in other deployment scenarios. Also, the URLCLassLoader I used only searches in two directories to find class definitions, not all the entries listed in the CLASSPATH
The answer is:
In the sun.reflect.Reflection
package there is a method called isSameClassPackage
(the actual signature is private static boolean isSameClassPackage(ClassLoader arg0, String arg1, ClassLoader arg2, String arg3);
). This method is responsible for deciding whether two classes belong to the same package or not.
The first check this method is doing that it compares arg0 and arg2, (the two classloaders) if they are different, it returns false.
So, if you use different classloaders for the two classes, it will not match.
EDIT: The full call chain (on request) is:
Method.invoke()
Method.checkAccess() -- fallback to the real check
Method.slowCheckMemberAccess() -- first thing to do to call
Reflection.ensureMemberAccess() -- check some nulls, then
Reflection.verifyMemberAccess() -- if public, it,'s OK, otherwise check further
Reflection.isSameClassPackage(Class, Class) -- get the class loaders of 2 classes
Reflection.isSameClassPackage(ClassLoader, String, ClassLoader, String)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With