{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Melony? 的问题《how java jaxb works?》','https://www.manongdao.com/q-386394.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Just curious about how jaxb works, I have a class annotated as follows:
@XmlRootElement(name = "MyJaxb")
Class MyJaxb
{
@XmlElement
protected String str;
public void setStr(String str)
{
this.str = str;
}
}
The access modifier of field str is protected, why Jaxb can still marshall and unmarshall it?
Beyond answer that reflection can by-pass checks (which is correct), this is also something that other JDK internal parts need, specifically default Object serialization and deserialization. In general this is allowed because many tools benefit from such access. And like others have correctly pointed out, access rights are not meant as real security barriers. They are there to help programmers design abstractions properly, make it easier to come up with good designs.
It uses reflection. A
protectedorprivatefield or method can be accessed using the reflection API (usingsetAccessible(true)on the appropriateFieldorMethodobject).Remember -
public,protectedandprivateare controls on default visibility, nothing more. They do not (and cannot) prevent access using reflection.