Client code can trivially access public static non-final fields. Neither reads nor writes to such variables are checked by a security manager. Furthermore, new values cannot be validated programmatically before they are stored in the field. Classes loaded by the same class loaders can access each other's public static members. For example, consider Java applets [Sun 2008]:
...
However, applets loaded by different class loader instances are completely isolated and cannot access each other's public static fields. Furthermore, code from any class can access public members of any class that was loaded by any class loader in the delegation chain of the current class's class loader. In the diagram below, for example, code in classes C4 and C5 can freely access public members of class C2, whereas neither class C2 nor class C4 can access public members of class C5.
...
In the presence of multiple threads, non-final public static fields can be modified in inconsistent ways. (For an example, see guideline TSM01-J. Do not let the (this) reference escape during object construction.)
...
Fields declared static final are also safe for multithreaded use; see guideline TSM03-J. Do not publish partially initialized objects. However, remember that simply changing the modifier to final may not prevent attackers from indirectly retrieving an incorrect value from the static final variable before its initialization; see guideline DCL12-J. Prevent class initialization cycles for more information. Furthermore, individual members of the referenced object can also be changed if the object itself is mutable; see guideline OBJ01-J. Do not assume that a final reference makes the referenced object immutable.
It is also permissible to use a wrapper method to retrieve the value of m_functions. This has encapsulation advantages, as it permits m_functions to be declared private; see guideline OBJ00-J. Declare data members as private and provide accessible wrapper methods for more information.
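The contrast between a public static non-final field and a private static final field behind a wrapper method, as an added example that is not code from the original guideline. The Map-based type given to m_functions and the class names Weak, Hardened and StaticFieldDemo are assumptions, since the page does not show the field's declaration; the unmodifiable view addresses the mutable-referent caveat noted above.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.IntUnaryOperator;

// Noncompliant: any code that can see this class can replace the table, and
// no security manager check or validation runs on the write.
class Weak {
    public static Map<String, IntUnaryOperator> m_functions = StaticFieldDemo.defaults();
}

// Compliant: the reference is private and final, and the wrapper method hands
// out an unmodifiable view so the entries cannot be changed through it either.
class Hardened {
    private static final Map<String, IntUnaryOperator> m_functions =
            Collections.unmodifiableMap(StaticFieldDemo.defaults());

    public static Map<String, IntUnaryOperator> getFunctions() {
        return m_functions;
    }
}

public class StaticFieldDemo {
    // Hypothetical function table standing in for the real contents of m_functions.
    static Map<String, IntUnaryOperator> defaults() {
        Map<String, IntUnaryOperator> m = new LinkedHashMap<>();
        m.put("double", x -> 2 * x);
        return m;
    }

    public static void main(String[] args) {
        // Client code silently swaps the whole table for an unvalidated one.
        Map<String, IntUnaryOperator> replaced = new LinkedHashMap<>();
        replaced.put("double", x -> -1); // constructed stand-in for a bad value
        Weak.m_functions = replaced;
        System.out.println("weak:     " + Weak.m_functions.get("double").applyAsInt(21));

        // Hardened.m_functions = replaced; // rejected by the compiler: private and final
        try {
            Hardened.getFunctions().put("double", x -> -1);
        } catch (UnsupportedOperationException e) {
            System.out.println("hardened: write rejected");
        }
        System.out.println("hardened: " + Hardened.getFunctions().get("double").applyAsInt(21));
    }
}
```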
Noncompliant Code Example (serialVersionUID)
...
Unauthorized modifications of public static variables can result in unexpected behavior and violation of class invariants. Furthermore, because static variables can be visible to code loaded by different class loaders when those class loaders are in the same delegation chain, such variables can be used as a covert communication channel between different application domains in some cases.
...