On 01/07/2012 11:43 PM, Jochen Theodorou wrote:
Am 07.01.2012 23:21, schrieb Jochen Theodorou:
Am 07.01.2012 23:15, schrieb Rémi Forax:
[...]
You can always bypass the security by creating a j.l.r.Method,
call setAccessible() on it and then use lookup.unreflect().
ah! ok... thanks.
hmm... I seemed to be happy too early... it does not work
it works !
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Method;
public class SecBypass {
public static class Base {
public void foo() {
System.out.println("Base::foo");
}
}
static class Sub extends Base {
public void foo() {
System.out.println("Sub::foo");
}
}
public static void main(String[] args) throws Throwable {
Base base = new Sub();
//MethodHandle mh =
MethodHandles.publicLookup().findVirtual(Sub.class, "foo",
MethodType.methodType(void.class));
// don't work
Method method = Sub.class.getDeclaredMethod("foo");
method.setAccessible(true);
MethodHandle mh = MethodHandles.publicLookup().unreflect(method);
// ok
mh.invoke(base);
}
}
bye blackdrag
cheers,
Rémi
--
You received this message because you are subscribed to the Google Groups "JVM
Languages" group.
To post to this group, send email to jvm-languages@googlegroups.com.
To unsubscribe from this group, send email to
jvm-languages+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/jvm-languages?hl=en.
