Understanding Java reflection drawbacks

Question

I am trying to understand the drawbacks as mentioned in Java docs

Security Restrictions

Reflection requires a runtime permission which may not be present when running under a security manager.

What are the runtime permissions that reflection needs? What is security manager in this context? Is this drawback specific to Applets only?

Exposure of Internals

Since reflection allows code to perform operations that would be illegal in non-reflective code, such as accessing private fields and methods, the use of reflection can result in unexpected side-effects, which may render code dysfunctional and may destroy portability. Reflective code breaks abstractions and therefore may change behavior with upgrades of the platform.

How reflection can break abstraction? and how does it affect with upgrades of the platform.

Please help me in clarifying these. Thanks a lot.

Using reflection, you can make a `private` field/method become `public` for instance. However, no idea how a `SecurityManager` can influence that... — fge, Mar 02 '14 at 20:17
Duplicate of http://stackoverflow.com/questions/3002904/what-is-the-security-risk-of-object-reflection? (Websearching "java reflection security" finds that first, along with much other discussion.) — keshlam, Mar 02 '14 at 20:18
@keshlam while this explains the risks of reflection, what a `SecurityManager` can do to prevent some/most of the risks is not mentioned — fge, Mar 02 '14 at 20:23
http://stackoverflow.com/questions/14639753/reflection-security — keshlam, Mar 02 '14 at 20:26
@keshlam, Thanks for providing links. Can you please clarify my second question related to Exposure of Internals. — Chaitanya, Mar 02 '14 at 20:31

score 1 · Answer 1 · edited Jan 08 '16 at 23:29

1

First you should always ask to yourself why reflection in your code. Aren't you able to do the operations without reflection. If YES then only you should use reflection. Reflection uses meta information about class,variables and methods this increase overhead, performance issue and security threat.

To understand the drawback of reflection in detail visit http://modernpathshala.com/Forum/Thread/Interview/310/what-are-the-drawbacks-of-reflection

edited Jan 08 '16 at 23:29

Kevin Brown-Silva

40,873
40
203
237

answered Jan 05 '16 at 18:24

amitguptageek

537
3
13

2

Please don't use shortened urls in answers. They don't tell me anything about the site that I'm about to visit. – d0nut Jan 05 '16 at 19:52
Link not working – Jef Mar 14 '22 at 06:30

score 0 · Answer 2 · answered Mar 02 '14 at 20:22

Security "sandboxes" aren't limited to applets. Many other environments which permit less-than-completely-trusted "plug-in" code -- webservers, IDEs, and so on -- limit what the plug-ins can do to protect themselves from errors in the plug-in (not to mention deliberately malicious code).

score 0 · Answer 3 · answered Apr 03 '19 at 05:36

A framework class called dependency container was used to analyzes the dependencies of a class. With this analysis, it was able to create an instance of the class and inject the objects into the defined dependencies via Java Reflections. This eliminated the hard dependencies. That way the class could be tested in isolation, ex. by using mock objects. This was Dagger 1.

Main disadvantages of this process were two folds. First, the Reflection is slowing itself and second, it used to perform dependency resolution at runtime, leading to unexpected crashes.

Understanding Java reflection drawbacks

3 Answers3