Access modifiers in Java

Introduction

Imagine downloading a software package into your project for integration then you decide to use it inside your program, on checking for the classes inside that package, boom! Before you are 1200 class and what you need is just 5 to 10 maximum, then you'll have to start searching for the few relevant ones. How frustrating? This is exactly what Object Oriented Programming languages like Java are here for. One of the motivations for access modifiers is a principle in computer science and information security known as The Principle of Least Privilege.

The principle of least privilege states that the code should be granted only the amount of privilege and access it needs to complete its designated task.

Access modifiers in Java are keywords used to determine the accessibility of classes, methods, and other members. Access modifiers implement one of the core Object-Oriented Programming concepts known as Encapsulation or Data hiding. The idea behind the concept was to give clients and users authorized access to controlled information. This will limit the chances of data compromise or data hijacking.

The access modifiers in Java are four with only three having keywords. They are

• Public access modifier
• Private access modifier
• Protected access modifier
• Default access modifier

• Public

public static String firstName;

As the name suggests, public makes available the members (instance fields and methods) of a class to all other classes in the package and objects of that class as well, and even subclasses. The public access modifier is mostly used when we want to make an instance field or methods available to all the objects of the class, or available from other classes in the same package, or outside it (when imported).

One of the major trade-offs in declaring a member public is that subclasses can easily modify the variable thereby making the class fragile. And because that member is public, other classes or objects can have unauthorized access to the member thereby making it prone to malicious attack.

Tip: If a class must have public data, then make it final to avoid modification.

• Private

private double salesAmount;

Contrary to public, private gives a variable or field restricted access to the fields or methods themselves. Declaring a field or method private signifies that that method or field is available to only the members of that particular class. This means that other classes in the same package or objects of the class, or even subclasses don’t have access to these methods.
The main reason for this is to prevent instance variable unauthorized access or modification. This is to fulfill one of OOPs important concepts known as Encapsulation or Data Hiding.
A solution to private instance variables is to make corresponding public get and set methods and control their access to these instance fields and validate data to be stored in the field as well. This is one of the major uses of the get and set methods.

Tip: It is advisable to always use private fields in your class and use get and set methods to access them because this is a good software engineering practice.

• Protected

protected final static int age;

Protected bridges the gap between public and private members of a class.
It provides an intermediate level of protection between public and private access.
It allows a member to be accessed by the members of that class, by members of its subclass, and also members of other classes in the same package (protected has package access).
The main difference between protected and public members is that public members can be accessed from anywhere in the package or even other packages (when imported) but protected is not available to members of other packages outside its current package.

One of the drawbacks of using the protected access modifier is that members of the subclass can modify the variables easily without using the set methods, in which attackers can take advantage of this to alter the variables leading to inconsistent behavior in the class.
If the implementation of the class was to change next time, this means all other subclass inheriting from this class will have to be modified to fit this change, for instance, modifying an instance variable from lastName to surname, this means all other subclass using firstName will have to be modified to surname, which is not a good practice.
Another drawback is that the protected members are visible to all other classes in the same package which might not be desirable for some problems.

Usage: Just like public and private, protected is used in similar ways.

• Default

static String dateOfBirth;

When a class's fields or methods are declared without an access modifier, then the default access modifier is assumed in this case. Java takes that field or method to be a default access modifier, therefore, making access to that field or method limited.
With the default access modifier, other members of the class and classes in the same package can have access to it. But classes from other packages don't have access to it.

• Summary
  Below is an image from Wikimedia summarizing the difference between the access modifiers in Java.
  

• Conclusion
  The use of access modifiers in an object-oriented language like Java is highly encouraged to prevent information leakage mostly in industry-standard software that is reusable. Sticking to this principle will go a long way in preventing malicious attacks on most of our software today.
  Sticking to this principle will go a long way in preventing malicious attacks on most of our software today.