设计模式-单例模式防止反射漏洞攻击 

// *****************************现象描述*******************************
package com.example.SpringBootTest1.shejimoshi.singleton;
public class InnerclassSingleton {
    private InnerclassSingleton() {};
    private static class Singleton {
        private static final InnerclassSingleton i = new InnerclassSingleton();
    }

    public static InnerclassSingleton getInstance() {
        return Singleton.i;
    }
}


// 通过反射获取对象拿到的对象不是同一个


public class Test {
    public static void main(String[] args) throws NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException {
        Constructor<InnerclassSingleton> declaredConstructor = InnerclassSingleton.class.getDeclaredConstructor();
        declaredConstructor.setAccessible(true);
        InnerclassSingleton instance1 = declaredConstructor.newInstance();
        InnerclassSingleton instance2 = InnerclassSingleton.getInstance();
        System.out.println(instance1 == instance2); // false
    }
}

// *********************************防止漏洞攻击*****************************


package com.example.SpringBootTest1.shejimoshi.singleton;
public class InnerclassSingleton {
    private InnerclassSingleton() {
        if (InnerclassSingleton.getInstance() != null) {
            throw new RuntimeException("单例模式不允许创建多个实例");
        }
    };

    private static class Singleton {
        private static final InnerclassSingleton i = new InnerclassSingleton();
    }

    public static InnerclassSingleton getInstance() {
        return Singleton.i;
    }
}

// 运行这段代码通过反射去创建实例时会报自定义异常, 从而达到防止反射漏洞攻击


public class Test {
    public static void main(String[] args) throws NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException {
        Constructor<InnerclassSingleton> declaredConstructor = InnerclassSingleton.class.getDeclaredConstructor();
        declaredConstructor.setAccessible(true);
        InnerclassSingleton instance1 = declaredConstructor.newInstance();
        InnerclassSingleton instance2 = InnerclassSingleton.getInstance();
        System.out.println(instance1 == instance2);
    }
}




 






            

            
posted @ 
 
剑阁丶神灯 
阅读(70) 
评论(0编辑 
收藏 
举报


        

	    
	    
    









    
    

    
    



    

        
    

        

            
                
                
            
        

    



    相关博文:

    

            

                ·
                单例设计-静态内部类
            

            

                ·
                防止反序列创建对象漏洞
            

            

                ·
                简单纪要:如何防止单例模式被java的反射攻击
            

            

                ·
                2023.5.8  单例设计模式
            

            

                ·
                单例模式的运用
            

    





    

    阅读排行:
    

 ·          Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
        

 ·          被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
        

 ·          没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
        

 ·          园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
        

 ·          【自荐】一款简洁、开源的在线白板工具 Drawnix
        



    

    



	

	

	
	

	

	

	





    

    
    








  

  
点击右上角即可分享

  微信分享提示