
August 29, 2005

Java - 'private' does not really mean Private...

In the following example, I am going to show how to access private fields and methods from another Java class using Reflection. Typically, private access from another class is not allowed in Java. However, the AccessibleObject class, which is the parent class of Field and Method (among others), contains a method called setAccessible(boolean flag), which allows a programmer to override the access checks that normally protect private fields and methods.

Take a look at these two example classes:
Private.java
PrivateTest.java

Private.java contains a private int field, String field and void method, none of which should be accessible outside the class. However, PrivateTest.java uses reflection to call setAccessible(true) and gains access to all of these members. It then prints the values of the private fields and invokes the private method.

Is there any way around this? Kind of. If the JVM is invoked with "-Djava.security.manager" (no quotes), it will use the Java Security Manager, which will throw an exception whenever setAccessible(true) is called by code that has not been granted permission to access private members. The specific error will be:

java.security.AccessControlException: access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)

In addition, the JVM argument "-Djava.security.policy" (again, no quotes) allows you to use a custom security policy file that lets you be very specific as to what is allowed and what is not. More information on security policies is available here. However, there is no way to guarantee that a user will be using the Security Manager with your specific policies being enforced.
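The access described above and the Security Manager check that blocks it, as an added example that is not the post's own Private.java or PrivateTest.java: the class names, members and values are constructed stand-ins. It assumes a JVM that still supports the Security Manager, which has been deprecated for removal since Java 17.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Method;

// Hypothetical stand-in for the post's Private.java; all values are constructed.
class Secret {
    private int count = 42;
    private String token = "constructed-sample-token";
    private String reveal() { return "private method ran"; }
}

// Hypothetical stand-in for the post's PrivateTest.java (save as PrivateAccessDemo.java).
public class PrivateAccessDemo {

    // Reads a private field by name. Without a Security Manager this succeeds;
    // with one and the default policy, setAccessible throws AccessControlException.
    static String readField(Object target, String name) throws ReflectiveOperationException {
        Field f = target.getClass().getDeclaredField(name);
        try {
            f.setAccessible(true); // needs ReflectPermission "suppressAccessChecks"
        } catch (SecurityException e) { // AccessControlException extends SecurityException
            return "DENIED (" + e.getMessage() + ")";
        }
        return String.valueOf(f.get(target));
    }

    // Invokes a private no-argument method by name, with the same denial handling.
    static String callMethod(Object target, String name) throws ReflectiveOperationException {
        Method m = target.getClass().getDeclaredMethod(name);
        try {
            m.setAccessible(true);
        } catch (SecurityException e) {
            return "DENIED (" + e.getMessage() + ")";
        }
        return String.valueOf(m.invoke(target));
    }

    public static void main(String[] args) throws Exception {
        Secret s = new Secret();
        System.out.println("count    -> " + readField(s, "count"));
        System.out.println("token    -> " + readField(s, "token"));
        System.out.println("reveal() -> " + callMethod(s, "reveal"));
    }
}
```

Compile with javac PrivateAccessDemo.java, then run it once as "java PrivateAccessDemo" and once as "java -Djava.security.manager PrivateAccessDemo". The first run prints the private values; the second prints DENIED for each member because the default policy does not grant suppressAccessChecks.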

So what does this mean? Basically, if someone really wants to access a private field or method in any Java class, they can do so. As you code anything private, you should at least be aware of this, especially if what you are coding is proprietary or confidential.

The best analogy I can give is about locks on a house. If your house has locks, it may deter some people from breaking in and robbing you. However, if someone really wants to gain access, a lock is not going to stop them. The same is true for private methods in Java.

Posted by Chuck at 11:20 AM

August 23, 2005

A Google IM Client?

UPDATE (8/24/05 9:15am) - Google Talk is live. Check it out.


UPDATE (8/23/05 7:15pm) - I have been able to log on to the Jabber server at talk.google.com with my GMail username and password using Gaim. If you are able to as well, send me an IM (ccaplan).


There has been a lot of speculation lately about whether or not Google will release its own Instant Messaging client in the next few days. One of the rumors going around is that talk.google.com is actually a Jabber server. For those who don't know, Jabber is an open Instant Messaging framework that offers many advantages over more mainstream IM services like AIM.

I decided to try to verify the rumor that talk.google.com is a Jabber server for myself. I started by pinging it:

C:\Documents and Settings\charlesc>ping talk.google.com
Pinging talk.l.google.com [64.233.167.125] with 32 bytes of data:
Request timed out.

This verified that talk.google.com was a valid address as it resolved to an IP address as well as the domain talk.l.google.com.

I then telnetted to the server on port 80 and got this response:

HTTP/1.1 302 Found
Location: http://www.google.com/talk/
Content-Type: text/html
Content-Length: 151

<HTML><HEAD><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document
has moved <A HREF="http://www.google.com/talk/">here</A>.</BODY></HTML>

Connection to host lost.

That shows that while there may not be a site there now, Google has at least attached talk.google.com to a web server. You can see for yourself by going here.

Finally, I telnetted to it on the port that Jabber uses to communicate (TCP port 5222) and sent it a request using an example from the O'Reilly book Programming Jabber:

C:\Documents and Settings\charlesc>telnet talk.google.com 5222

After connecting, I sent the following string:

<?xml version='1.0'?><stream:stream xmlns:stream=
'http://etherx.jabber.org/streams' to='yak' xmlns='jabber:client'>

And I got a response:

<stream:stream from="yak" id="C13304A4"
xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client">

So it is confirmed. The server talk.google.com is actually running a Jabber server. Hopefully, there will be good things to come concerning Google and IM in the next few days...

Posted by Chuck at 12:32 PM

August 16, 2005

Track Any Flight Online

My wife is currently flying to Chicago, but I am at work. Normally, I would have no idea if there was a delay, when she would be arriving or where in flight she was. Fortunately, I can track her trip in real-time with a flight tracking service like FlightView from RLM Software. With FlightView, I can enter any airline and flight number along with a date and it will give me real-time stats on the flight, such as altitude and speed. The site also features a map so I can see exactly where the plane is at any given time:



This technology has been around for a while, but I think it deserves another mention because I rarely hear about it anymore.

Posted by Chuck at 09:35 AM

August 01, 2005

A 15-Minute Guide to Using CVS with WDSc

My first published article, "A 15-Minute Guide to Using CVS with WDSc" has been printed in the August, 2005 edition of iSeries News. It is free to subscribe to the printed version of the magazine, but online access to my specific article requires a paid subscription. If you happen to have a subscription, you can read the article online here: iSeries News - August, 2005

Posted by Chuck at 01:14 PM