java - cloning or unmodifiableCollection -


during university classes on java learned concept of privacy leak, public getter returns reference private mutable object.

the example gave follows: (forgive me if syntax isn't quite right, i'm working memory)

private hashset<*> priv = new hashset<*>  public collection<*> getpriv () {     return this.priv; }

now problem object's client has opportunity corrupt private hashset, intentionally or otherwise.

on course, suggested solution use following: 

public collection<*> getpriv () {     return collections.unmodifiablecollection (this.priv); }

this seems solution me, because not internal state of object protected external modification, attempt modify returned unmodifiablecollection trigger exception. problem though, works collections. there doesn't seem equivalents other mutable java classes.

most books on java i've read since suggest following: 

public collection<*> getpriv () {     return this.priv.clone (); }

this works on clonable object, returned object can modified client object's content. internal state of object still protected, don't exception if try modify data can't modified. means make mistake private collection, modify it, , left mystified why changes aren't reflected in object, i've swapped 1 class of errors (modifying private state) (modifying clone should immutable).

is there more generalized way of doing return collections.unmodifiablecollection (this.priv); work class (or @ least class meets prerequisite such implementing cloneable), or option implement mutable , immutable versions of private classes might want make publicly available through getter?

i'm afraid answer yes.

note collections.unmodifiablecollection returns view. essentially, collections contains adapter class takes in collection , forwards method calls it. 'dangerous' methods, throws exception instead. relies on underlying collection passed in implement things in sane manner of course. if getsize() mutates object, calling getsize() on adapter still forward underlying class, modified.

you can reduce amount of work limiting number of different classes (or interfaces) return clients. can make more of classes immutable default, common paradigm in functional languages makes things simpler. unfortunately, java makes working immutable objects unnecessarily ugly.

there possibilities generating immutable views automatically, that's complicated , requires have way of deciding methods forward anyway.

lastly, none of protects setaccessible or like. in case, they're deliberately violating standard vm constraints, it's not should worry about. if you're worried security, you'll need run untrusted code in securitymanager anyway.


Comments

Post a Comment

Popular posts from this blog

Why does Ruby on Rails generate add a blank line to the end of a file? -

running rails generate controller foo home results in: class foocontroller < application controller def home end end (there's nothing on line in actual file, blank line) is there purpose blank line? it's common use newline indicate end of line, last line. many editors (like vi, use) add in newline silently. consensus text files (especially in unix world) should end in newline, , there have been problems historically if wasn't present. why should text files end newline? the tool used count lines in file "wc" counts newlines in file, without trailing newline show 3 instead of 4. it improves readability of templates used in generator. consider: https://github.com/rails/rails/blob/master/railties/lib/rails/generators/rails/controller/templates/controller.rb to remove trailing newline, template have last line of: end<% end -%> instead of: end <% end -%> that seems less readable me. the discussion below refers
Read more

keyboard - Smiles and long press feature in Android -

i've created android keyboard. how add features inserting smilies, , using long keypresses display symbols? to create long-press behavior allows select several options pop-up menu, follow guide (specifically pop-up menu section): http://developer.android.com/guide/topics/ui/menus.html smileys (also known emoticons) combination of keys, understood programs , parsed same way. have do, when clicks smiley face on keyboard, simulate pressing of key combination matching emoticon. example, when clicks smiley, should simulate key presses ':' , ')' :). here's list of emoticons: http://en.wikipedia.org/wiki/list_of_emoticons
Read more

node.js - Bad Request - node js ajax post -

i'm using express 3.0 , node v0.11.0. have button submits form , i'm using ajax post data json object node server. client code is: $('#contact').submit(function(e) { console.log('submit called'); var formdata = json.stringify($('form').serializeobject()); console.log(formdata); $.ajax({ url: "http://localhost:3000/savedata/", type: "post", datatype: 'json', data: {objectdata: formdata}, contenttype: "application/json", complete: function() { console.log('process complete'); }, success: function(data) { console.log('process sucess'); }, error: function() { console.log('process error'); }, }); return false; }); then on server: var express = require('express'); var app = express(); app.set('views', __dirname + '/views'); app.set('view engine', 'jade'); app.use(express.bodyparser());
Read more