Just curious about how jaxb works, I have a class annotated as follows:
@XmlRootElement(name = "MyJaxb")
Class MyJaxb
{
@XmlElement
protected String str;
public void setStr(String str)
{
this.str = str;
}
}
The access modifier of field str is protected, why Jaxb can still marshall and unmarshall it?
It uses reflection. A protected or private field or method can be accessed using the reflection API (using setAccessible(true) on the appropriate Field or Method object).
Remember - public, protected and private are controls on default visibility, nothing more. They do not (and cannot) prevent access using reflection.
Beyond answer that reflection can by-pass checks (which is correct), this is also something that other JDK internal parts need, specifically default Object serialization and deserialization. In general this is allowed because many tools benefit from such access. And like others have correctly pointed out, access rights are not meant as real security barriers. They are there to help programmers design abstractions properly, make it easier to come up with good designs.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 戒情不戒烟 的文章《how java jaxb works?》','https://www.manongdao.com/article-439453.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}