接口安全设计
接口防反射设计
利用Exception的接口返回方法调用栈,判断是否存在java.lang.reflect.Method
的调用,是则为反射调用,直接抛异常中断方法继续执行
测试接口代码
public class TestReflection {
private void test(Context context){
checkSecurity();
Toast.makeText(context, "hhhhh", Toast.LENGTH_SHORT).show();
}
public void testPublic(Context context){
test(context);
}
private void checkSecurity() {
StackTraceElement[] st = new Exception().getStackTrace();
for (StackTraceElement s : st){
Log.e("zbm111", s.getClassName() + " " + s.getMethodName());
}
if (st[2].getClassName().equals("java.lang.reflect.Method")){
throw new RuntimeException("No such method");
}
}
}
测试类代码
public class TestActivity extends Activity {
@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_test);
try {
Method method = TestReflection.class.getDeclaredMethod("test");
method.setAccessible(true);
method.invoke(new TestReflection());
Log.e("zbm111", "hhhhh");
}catch (Exception e){
e.printStackTrace();
Log.e("zbm111", e.toString());
}
new TestReflection().testPublic(this);
}
}
结果:
反射调用test接口会抛异常,正常调用则成功执行