Page History

Member Nonfinal member methods of nonfinal classes that perform security checks can be compromised when a malicious subclass overrides the methods and omits the checks. Consequently, such methods must be declared private or final to prevent overriding.

...

This noncompliant code example allows a subclass to override the readSensitiveFile() method and omit the required security check.:

public void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}

...

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it final.:

public final void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}

...

This compliant solution prevents overriding of the readSensitiveFile() method by declaring it private.:

private void readSensitiveFile() {
  try {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {  // Check for permission to read file
      sm.checkRead("/temp/tempFile");
    }
    // Access the file
  } catch (SecurityException se) {
    // Log exception
  }
}

Exceptions

MET03-J-EX0: Classes that are declared final are exempt from this rule because their member methods cannot be overridden.

...

Bibliography

Android Implementation Details

On Android, System.getSecurityManager() is not used, and the use of a security manager is not exercised. However, an Android developer can implement security-sensitive methods, so the principle may be applicable on Android.

Bibliography

...

Image Added Image Added Image Removed      05. Methods (MET)