Accessing private Fields and private Methods (Hacking A Class) in Java
In Java, by using the Reflection API, found in the java.lang.reflect package, you can access private fields and methods of another class. It is not even that difficult. This can be very handy during unit testing. If you try to access a field and a method, of an applet, then you will need to make a change in the SecurityManager setting. One Important thing is that this will work only when the code is running standalone, as in a Java application.
Access fields value of other class
There are two methods. The first one is Class.getDeclareField(obj)String obj and the second is Class.getDeclareFields(). Both of the methods only return public fields, so they would not work. So, you use setAccessible() method, which has a default value of false, but you can set it to true.
Example
- import java.lang.reflect.*;
-
- public class PrivateObject
- {
- private String privateString = null;
- public PrivateObject(String privateString)
- {
- this.privateString = privateString;
- }
- }
- class PrivateTest
- {
- public static void main(String arg[])
- {
- try{
- PrivateObject privateObject = new PrivateObject(" you Successfully access the Private data Value of a class");
-
- Field privateStringField = PrivateObject.class.getDeclaredField("privateString");
-
- privateStringField.setAccessible(true);
-
- String fieldValue = (String) privateStringField.get(privateObject);
- System.out.println("fieldValue = " + fieldValue);
- }catch(Exception e)
- {
- System.out.println(e);
- }
- }
- }
OUTPUT
You can see that the private string is accessed by another class named PrivateTest.
Access Method of other class
There are two methods. The first one is Class.getDeclareMethod(String obj, Class[] parameter types ) and the second is Class.getDeclareMethods( ). Both of the methods only return public Methods, so they would not work. So, you can use the setAccessible() method which has a default value of false, but you set it to true.
Example
import java.lang.reflect.*;
// this is the class which contain private fields and method name as
public class PrivateObject1
{
private String privateString = null;
public PrivateObject1(String privateString)
{
this.privateString = privateString;
}
//this is private method which return a string
private String getPrivateString()
{
return this.privateString;
}
}
//this is another class which is used private method named as getPrivateString()
class PrivateMethodTest
{
public static void main(String arg[])
{
try{
PrivateObject1 privateObject = new PrivateObject1("now you successful run the private method ");
// this is way to access the field of which class you want to access private data member.
Method privateStringMethod = PrivateObject1.class.getDeclaredMethod("getPrivateString", null);
// this setAccessible method has by default value false but you change it as true.
privateStringMethod.setAccessible(true);
// By using invoke method you run the private method and it value is type casting in String form.
String returnValue = (String)privateStringMethod.invoke(privateObject, null);
//print the value which return after the excuting private method
System.out.println("returnValue = " + returnValue);
}catch(Exception e)
{
System.out.println(e);
}
}
}
Note: a SecurityException is thrown by the methods getDeclaredField, getDeclaredMethod and setAccessible methods, so you need to use Exception handling in this program. That is why we use a try and catch blocks. Put these statements within this block.
OUTPUT
You can see that the private method is run in another class boundry, named PrivateMethodTest, but its a method of the PrivateObject1 class.
Resources