Page History

According to the Java Language SpecificationA nested class is any class whose declaration occurs within the body of another class or interface \[[JLS 05|AA. Java References#JLS 05]\]:

A nested class is any class whose declaration occurs within the body of another class or interface.

. Nested classes are a broad set of classes that are classified as {{static}} member and inner classes. "An inner class is a nested class that is not explicitly or implicitly declared {{static}}." \[[JLS 05|AA. Java References#JLS 05]\]. An inner class may be local, anonymous or non-static.

The use of nested class is error-prone unless the semantics are well understood. A common notion is that only the outer class can access the contents of the nested inner class(es). Not only does the nested class have access to the private fields of the outer class, the same fields can be accessed by another class in the package depending on whether the nested class is declared public or if it contains public methods/constructors. By default, the javac compiler converts the accessibility of private methods of a nested class to package-private (SCP30-J. Do not define nested classes in classes containing sensitive data if the container is untrusted).

Also, according to the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\], section 8.3 "Field Declarations":

Note that a private field of a superclass might be accessible to a subclass (for example, if both classes are members of the same class). Nevertheless, a private field is never inherited by a subclass.

Noncompliant Code Example

The This noncompliant code in this noncompliant example illegally exposes the sensitive (x,y) coordinates through the getPoint() method of the inner class. As a resultConsequently, the AnotherClass class that belongs to the same package can illegally access the coordinates.

...

The Java Language System weakens the access accessibility of sensitive, private entities in inner classes which may result in a security weakness.

...