本文探讨了防御性编程中保护私有数据的重要性,通过具体案例展示了如何使用保护性拷贝避免外部对象篡改内部状态,并介绍了安全返回私有数据副本的方法。
1,防御性编程。必要时应当考虑采取保护性拷贝的手段来保护内部的私有数据,先来看下面这个例子:
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->pubicfinalclassPeriod
{
privatefinalDatestart;
privatefinalDateend;
publicPeriod(Datestart,Dateend)
{
if(start.compareTo(end)>0)
thrownewIllegalArgumentException(start+"after"+end);
this.start=start;
this.end=end;
}
publicDategetStart()
{
returnstart;
}
publicDategetEnd()
{
returnend;
}
}
{
privatefinalDatestart;
privatefinalDateend;
publicPeriod(Datestart,Dateend)
{
if(start.compareTo(end)>0)
thrownewIllegalArgumentException(start+"after"+end);
this.start=start;
this.end=end;
}
publicDategetStart()
{
returnstart;
}
publicDategetEnd()
{
returnend;
}
}
这个类存在两个不安全的地方,首先来看第一个攻击代码
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->Datestart=newDate();
Dateend=newDate();
Periodp=newPeriod(start,end);
end.setYear(78);//改变p的内部数据!
Dateend=newDate();
Periodp=newPeriod(start,end);
end.setYear(78);//改变p的内部数据!
这是因为外部和内部引用了同样的数据,为了解决这个问题,应当修改Period的构造函数:
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->publicPeriod(Datestart,Dateend)
{
this.start=newDate(start.getTime());
this.end=newDate(end.getTime());
if(start.compareTo(end)>0)
thrownewIllegalArgumentException(start+"after"+end);
}
{
this.start=newDate(start.getTime());
this.end=newDate(end.getTime());
if(start.compareTo(end)>0)
thrownewIllegalArgumentException(start+"after"+end);
}
这样内部的私有数据就与外部对象指向不同,则不会被外部改变
再来看第二个攻击代码:
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->Datestart=newDate();
Dateend=newDate();
Periodp=newPeriod(start,end);
p.getEnd().setYear(78);//改变p的内部数据!
Dateend=newDate();
Periodp=newPeriod(start,end);
p.getEnd().setYear(78);//改变p的内部数据!
这很显然是由于公有方法暴露了内部私有数据,我们可以只返回内部私有数据的只读版本(即其一份拷贝)
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->publicDategetStart()
{
return(Date)start.clone();
}
publicDategetEnd()
{
return(Date)end.clone();
}
{
return(Date)start.clone();
}
publicDategetEnd()
{
return(Date)end.clone();
}
2,读到上面这个例子,我想起来了下面这样的代码片段
<!--<br /><br />Code highlighting produced by Actipro CodeHighlighter (freeware)<br />http://www.CodeHighlighter.com/<br /><br />-->publicclassSuit
{
privatefinalStringname;
privatestaticintnextOrdinal=0;
privatefinalintordinal=nextOrdinal++;
privateSuit(Stringname)
{
this.name=name;
}
publicStringtoString()
{
returnname;
}
publicintcompareTo(Objecto)
{
returno
}
publicstaticfinalSuitCLUBS=newSuit("Clubs");
publicstaticfinalSuitDIAMONDS=newSuit("diamonds");
publicstaticfinalSuitHEARTS=newSuit("hearts");
publicstaticfinalSuitSPADES=newSuit("spades");
privatestaticfinalSuit[]PRIVATE_VALUES={CLUBS,DIAMONDS,HEARTS,SPADES};
publicstaticfinalListVALUES=Collections.unmodifiedList(Arrays.asList(PRIVATE_VALUES));
}
{
privatefinalStringname;
privatestaticintnextOrdinal=0;
privatefinalintordinal=nextOrdinal++;
privateSuit(Stringname)
{
this.name=name;
}
publicStringtoString()
{
returnname;
}
publicintcompareTo(Objecto)
{
returno
}
publicstaticfinalSuitCLUBS=newSuit("Clubs");
publicstaticfinalSuitDIAMONDS=newSuit("diamonds");
publicstaticfinalSuitHEARTS=newSuit("hearts");
publicstaticfinalSuitSPADES=newSuit("spades");
privatestaticfinalSuit[]PRIVATE_VALUES={CLUBS,DIAMONDS,HEARTS,SPADES};
publicstaticfinalListVALUES=Collections.unmodifiedList(Arrays.asList(PRIVATE_VALUES));
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
