Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: minor wordsmithing

...

At a later date, the maintainer of the class Account added a new method called overdraft(). However, the BankAccount class maintainer was unaware of the change. The client application consequently became vulnerable to malicious invocations. For example, the overdraft() method could be invoked directly on a BankAccount object, avoiding the security checks that should have been present. The following code illustrates this vulnerability.

...

While this code works as expected, it adds a dangerous attack vector. Because there is no security check on the overdraft() method, a malicious client can invoke it without authentication:

...
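The scenario described above, as an added example that is not the page's own code: the Account, BankAccount and CheckedBankAccount classes, the withdraw(), overdraft() and securityCheck() members, and the balance values are all assumed for illustration. The first subclass guards only the method it knew about and so inherits the later-added overdraft() unguarded; the second subclass preserves the dependency by overriding the new method as well.

```java
public class OverdraftDemo {

    /** Superclass maintained by one team. (Hypothetical class for this example.) */
    static class Account {
        private double balance = 100;

        double getBalance() { return balance; }

        boolean withdraw(double amount) {
            if (balance - amount >= 0) {
                balance -= amount;
                return true;
            }
            return false;
        }

        // Added in a later release. The BankAccount maintainer was not told,
        // so nothing in the subclass guards this state-changing method.
        boolean overdraft() {
            balance += 300;
            return true;
        }
    }

    /** Subclass that is supposed to enforce authentication on every state change. */
    static class BankAccount extends Account {
        private final boolean authenticated;

        BankAccount(boolean authenticated) { this.authenticated = authenticated; }

        // Stand-in for a real authentication/authorization check (assumed).
        protected boolean securityCheck() { return authenticated; }

        @Override
        boolean withdraw(double amount) {
            if (!securityCheck()) {
                throw new SecurityException("withdraw: caller not authenticated");
            }
            return super.withdraw(amount);
        }
        // overdraft() is inherited as-is: no check, so the guard is bypassed.
    }

    /** Same subclass after the dependency is preserved: the new method is guarded too. */
    static class CheckedBankAccount extends BankAccount {
        CheckedBankAccount(boolean authenticated) { super(authenticated); }

        @Override
        boolean overdraft() {
            if (!securityCheck()) {
                throw new SecurityException("overdraft: caller not authenticated");
            }
            return super.overdraft();
        }
    }

    public static void main(String[] args) {
        // Unauthenticated client against the unaudited subclass.
        BankAccount victim = new BankAccount(false);
        try {
            victim.withdraw(10);
        } catch (SecurityException e) {
            System.out.println("withdraw blocked: " + e.getMessage());
        }
        victim.overdraft(); // no check on the inherited method: succeeds
        System.out.println("balance after unauthenticated overdraft: " + victim.getBalance());

        // Same client against the subclass that also guards overdraft().
        CheckedBankAccount fixed = new CheckedBankAccount(false);
        try {
            fixed.overdraft();
        } catch (SecurityException e) {
            System.out.println("overdraft blocked: " + e.getMessage());
        }
        System.out.println("balance unchanged: " + fixed.getBalance());
    }
}
```

The practical check this suggests: whenever the superclass gains a public or package-visible method, the subclass maintainer must review whether it touches state the subclass protects and override it with the same guard; a diff of the superclass's exported method set between releases is the cheapest way to catch this.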

Returns whether this Calendar represents a time after the time represented by the specified Object. This method is equivalent to:
compareTo(when) > 0
if and only if when is a Calendar instance. Otherwise, the method returns false.

The documentation fails to state whether after() actually invokes compareTo() or whether compareTo() invokes after(). In the Oracle JDK 1.6 implementation, the source code for after() is as follows:

...
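The other direction of the same dependency, as an added example (not the page's own code and not JDK source): it assumes, as in the OpenJDK implementation of java.util.Calendar, that after() is implemented by calling the overridable compareTo(). The WeekdayOrderedCalendar class, the BY_DAY_OF_WEEK comparator and the two sample dates are assumed for illustration. A subclass maintainer who overrides compareTo() to order by day of week, without knowing that after() depends on it, silently changes what after() reports; keeping compareTo() chronological and putting the alternative ordering in a Comparator preserves the dependency.

```java
import java.util.Calendar;
import java.util.Comparator;
import java.util.GregorianCalendar;

public class CalendarDependencyDemo {

    /**
     * Hypothetical subclass whose maintainer repurposes compareTo() to order
     * by day of week, unaware that Calendar.after() is built on compareTo().
     */
    static class WeekdayOrderedCalendar extends GregorianCalendar {
        WeekdayOrderedCalendar(int year, int month, int day) { super(year, month, day); }

        @Override
        public int compareTo(Calendar other) {
            return Integer.compare(get(DAY_OF_WEEK), other.get(DAY_OF_WEEK));
        }
        // after() is not overridden, so it now inherits the day-of-week ordering.
    }

    /**
     * Dependency preserved: compareTo() keeps its chronological meaning and the
     * alternative ordering lives in a Comparator that after() never consults.
     */
    static final Comparator<Calendar> BY_DAY_OF_WEEK =
        Comparator.comparingInt(c -> c.get(Calendar.DAY_OF_WEEK));

    public static void main(String[] args) {
        // Constructed sample input: two Mondays one week apart (2024-01-01 and 2024-01-08).
        WeekdayOrderedCalendar earlier = new WeekdayOrderedCalendar(2024, Calendar.JANUARY, 1);
        WeekdayOrderedCalendar later   = new WeekdayOrderedCalendar(2024, Calendar.JANUARY, 8);

        // Both dates fall on the same weekday, so the overridden compareTo() returns 0
        // and the inherited after() reports that a later date is NOT after an earlier one.
        System.out.println("subclass: later.after(earlier) = " + later.after(earlier));

        // With compareTo() left alone, after() keeps its chronological meaning...
        GregorianCalendar e2 = new GregorianCalendar(2024, Calendar.JANUARY, 1);
        GregorianCalendar l2 = new GregorianCalendar(2024, Calendar.JANUARY, 8);
        System.out.println("base class: l2.after(e2) = " + l2.after(e2));

        // ...and the day-of-week ordering is available separately without touching after().
        System.out.println("same weekday under BY_DAY_OF_WEEK: "
            + (BY_DAY_OF_WEEK.compare(l2, e2) == 0));
    }
}
```

The caveat for a practitioner: the Javadoc equivalence "after(when) is equivalent to compareTo(when) > 0" is a behavioural contract, not a statement of call structure, so before overriding either method a subclass maintainer should read the superclass source (or test both methods) to learn which one actually delegates to the other, and override both together whenever their semantics must stay aligned.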