Home » Software Development » How to deal with {conservative, intractable, annoying} APIs

About Christopher Meyer

Chris works as a researcher and is eagerly looking for bugs in SSL/TLS, the Java platform and various applications. In addition, he is primarily interested in secure coding and exploiting coding mistakes.

How to deal with {conservative, intractable, annoying} APIs

Have you ever been fighting with an, at least for your current purpose, inflexible API? I picked up one of the trickier scenarios – calling super( … ) with parameters.

Sometimes there will be APIs defining constructors that force to be called with instances of Objects. So far so good, but what if the handled parameter is stored private inside the class you are calling and doesn’t provide a getter method? Here is an example how to solve the bother…

In my case it was an extension of the java.net.Socket class. Socket can be seen as a nice wrapper to a concrete implementation class, for example SocketImpl which contains the “lower” level (not low level!) code. However Socket provides a nice constructor to set the underlying implementation class:

protected Socket(SocketImpl impl) throws SocketException {
   this.impl = impl;
   if (impl != null) {

So this gives an easy way to use the predefined routines of java.net.Socket with my underlying implementation without changing too much on existing code that former relied implicit on SocketImpl. The bad thing about this is that there is no way to get the handled SocketImpl instance from the wrapper (this.impl is package private, as well as the getter is package private). So if you do something like this:

public MyPrettyNewSocket extends Socket {
   public MyPrettyNewSocket() throws SocketException {
     super(new MyPrettyNewSocketImpl();

you have no chance to interact with the instance of MyPrettyNewSocketImpl directly. All calls will be done by the Socket super class.

That really bothered me since all I would like to do is to add two new methods to MyPrettyNewSocket without touching the ones provided by Socket. The logic behind these methods is implemented in, yes your guess is right, MyPrettyNewSocketImpl.

So at least one is stuck at this point since the implementation class can’t be instantiated before super(new MyPrettyNewSocketImpl() is called (super( … ) or this( … ) have to be the first calls of a constructor). Even the dirty parameter assignment known from method calls inside (e.g. super(someInternalVariable = new MyPrettyNewSocketImpl())) is not allowed for constructors. In order to circumvent this problem you have to do some dirty tricks: call the super constructor not directly, but in a chained way. And here is how you can deal with such issues:

public class MyPrettyNewSocket extends Socket {
   MyPrettyNewSocketImpl mpnSocketImpl;
   public MyPrettyNewSocket() throws SocketException {
      this(new MyPrettyNewSocketImpl());

   private MyPrettyNewSocket(MyPrettyNewSocketImpl myImpl) throws SocketException {
      mpnSocketImpl = myImpl;

As we can see the trick is to call at first another internal private constructor of my own class extending Socket with an instance of the custom SocketImpl extending class. Normally the passed instance would get lost in the depths of Socket, but after all the construction magic we still have access and get the chance to continue working with it.

Reference: How to deal with {conservative, intractable, annoying} APIs from our JCG partner Christopher Meyer at the Java security and related topics blog.

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you our best selling eBooks for FREE!


1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design


and many more ....


Receive Java & Developer job alerts in your Area

I have read and agree to the terms & conditions


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments