I have read in Wikipedia here that:
A final class cannot be subclassed. This is done for reasons of security and efficiency.
I am wondering about the kind of security that final in Java can achieve?
final does not provide any security whatsoever. It's silly to expect it to. It provides a kind of safety.
Though your question is related to java, I'll point you to Marshall Cline's C++ FAQ which answers a similar question.
http://www.parashift.com/c++-faq/encap-is-not-security.html
[7.8] Is Encapsulation a Security device?
No.
Encapsulation != security.
Encapsulation prevents mistakes, not espionage.
Let me add that the keywords like public, private, final etc do not prevent intentional misuse. They are just constructs which help enforce design by preventing accidental or unintentional misuse.
A programmer who wants to substitute functionality in the base class can use other ways to do it - the simplest is it to not use the class at all and do his own stuff.
If you want to prevent access or any other thing, do it in the underlying OS, not in your class library.
As always, Wikipedia may be a good starting point for something but is rarely the authoritative source.
If your class is final, No one can subclass it. If no one can subclass your final class, that means your features of the final class can not be changed by other by reusing your class.
Assume you are technology provider, here you provide API for some banking system, using your API client will implement its banking system.
case: WITHOUT FINAL
This is in your API
class BaseClass{
public void makeTransaction(){
}
}
This is client code
class DerivedClass extends BaseClass{
public void makeTransaction(){
// naughty client can do something here like:- makeTransaction but transfer 1 dollar for each transaction to my account.
}
}
case: WITH FINAL This is in your API
final class BaseClass{
public void makeTransaction(){
}
}
This is client code
class DerivedClass extends BaseClass{ // not allowed
}
Client has to use make transaction as you have already defined. This is one aspect how final can secure your piece of code.
A final class cannot be subclassed. This is done for reasons of security and efficiency.I am wondering about the kind of security that final in Java can achieve?
If a class cannot be subclassed then you cannot override the functionality that a parent class provides in a child class. From a design perspective you are actually finalizing and enforcing a design using final classes. Hence it makes your final class secured in that sense.
If a class if final than none other class Inherit that class and the
overriding of methods is not possible
. For example, the String class is final so that no one can override and change the methods of the String class.
Let's say you work at the bank and your boss ask for a way to validate some customer credentials.
You will have something like that:
public class Validation {
private Customer customer;
public Validation(Customer customer) {
this.customer = customer;
}
public boolean validate() {
return customer.isValid();
}
}
You must put a final on the class or on the method validate(not sure why nobody mentioned it). This way, if someone wants to extend your class he won't change the validate algorithm(final on method) of he won't extend the class at all(final on class).
