ABAP Objects – Is INTERFACE the Leaky Bucket of OOPs Design?

8
149
code injection in sap

Most of us know, Encapsulation, Abstraction, Inheritance, and Polymorphism are the Pillars of Object Oriented Design. There is also a fifth aspect called INTERFACE which helps to provide external access to object members.

In normal ABAP RICEF, we already have ‘I’ for INTERFACE which often is associated with data exchanges within sap or external systems. We can somewhat relate to the same INTERFACE in OOPs ABAP too.

Pillars of Object Oriented Architecture

Also, Read Just 4 Versions of the same program to understand OOPs ABAP

INTERFACE is not a class. It is an entity which CANNOT have an implementation. It can only have EMPTY method declaration and components. INTERFACE components are always PUBLIC. INTERFACE is a concept by which the same method names will behave differently in different classes.

Below is an example of an INTERFACE with a method GET_KEY. 

INTERFACE would have method(s) and those method(s) will have different implementations in different classes which call that INTERFACE. The method names in all the different classes would be same as in INTERFACE but can be designed to behave differently.

Example of a Class using INTERFACE Method GET_KEY

Similarly example of another Class that uses the same INTERFACE and same method GET_KEY. But the method does something else.

In the above code snippet, Class LCL_SNOOP and Class LCL_HISTORY_LOGGER are independent classes. But both use the INTERFACE LOCKER_KEY and the method GET_KEY are implemented differently although they have the same NAME in two classes.

INTERFACE is one of the concepts in Object Oriented ABAP to achieve Polymorphism.

The point to be noted is, INTERFACE just contains methods WITHOUT any implementations. INTERFACE helps in re-usability and maintain standard project framework.

Also, ReadHow to convert an existing ABAP Report to OOPs ABAP?

INTERFACE act as the connecting link. Just like the neck of the bottle in the below figure.

Interface in OOPs

Now coming back to the point which we wanted to demonstrate today. Is INTERFACE the leaky bucket in OOPs ABAP? In other words, is INTERFACE the weakest link which makes the classes using it vulnerable?

Let’s explore.

We all know INTERFACE plays a vital role in large projects or developing a custom app which can be extended based on customer demand. This extension might be done by the same person or different person. To maintain the consistency in the entire project we use INTERFACES. Example BADI always gives INTERFACES which all over the world ABAPers use the same method signature to implement the INTERFACE. Inside BADI, its framework calls these INTERFACEs to show custom business implementations (eg: TAB Strip on ME21n etc).

But INTERFACE has one drawback which is like the leaky bucket in the sense that if your CLASS_1 becomes FRIEND of an INTERFACE then other classes which are NOT a friend of INTERFACE or CLASS_1 but just implements that INTERFACE, can access the PRIVATE data of CLASS_1.

Just a word of caution from SAPYard Team. Do take care while designing the class. Do not give a secret hole to expose your sensitive data.

Here goes the code to show how INTERFACE acts like the leaky bucket.

Now let’s run the program and see the output.

Difference between Interface and Class

Look, class LCL_SNOOP was able to access the Private variable (lv_bank_balance) of LCL_MYBANK. Isn’t it scary? LCL_SNOOP and LCL_MYBANK are nowhere related. So how did LCL_SNOOP access the Private Variable?

The culprit is the FRIENDSHIP of LCL_MYBANK with INTERFACE LOCKER_KEY.

For the above example, INTERFACE was indeed the MOLE in the team.

Let us remove the FRIENDS statement from LCL_MYBANK definition (commented in the above screenshot). Your program would outrightly give a syntax error. It would say, Access to Private Attribute NOT allowed.

So, did you see the influence of INTERFACE and it impacts TO data visibility and access?

Hope you liked this tricky post. Now it is your duty to judiciously use INTERFACE in your OOPs design.

Have you ever injected any code knowingly? Do you know how to inject codes? Do you have any other types of Hacks? Do share your experience. Don’t worry if we inject or hack, we would be White-Hat Hackers. Everything ethical. Always responsible. Only for the betterment. J

Are you SAP ABAP on HANA Ready? If not, go through these Step by Step Tutorials on HANA ABAP.

Do you have any tips, tricks, tutorial, concept, config, business case or anything related to SAP to share? Write articles at SAPYard and EARN up to 500 INR per article? Please contact us at mail@sapyard.com to know more.

If you GENUINELY like our articles then it would be a HUGE help if you shared, subscribed and liked us on FacebookIt might seem insignificant, but it helps more than you might think.

We have organized all our SAP Tutorials on one page. Please visit the below link to find all materials (ABAP, HANA, ABAP on HANA, Workflow, Fiori, SAPUI5, Adobe etc) at one convenient place.

All SAP Tutorials at One Page

8 COMMENTS

  1. Dear All,

    I agree the points mentioned by you all. But point of the post is that during “Design Time” one should take care of above mentioned rules. What if i design my API making INTERFACE as a friend to class and release to public ?. This loophole will surely get caught and API users can surely take advantage of this.

    Remember old windows regedit in 2000 where sysrnj.exe virus could make all the documents extension to .EXE and corrupt the whole documents. Just an example i wish to provide in respect to above loop hole during design time. I don’t know who regedit was design but just an example.

    Thank you all for your time for reading entire article and throwing genuine queries.

    Keep coming to SapYard :-).

    Regards
    Mahesh

  2. This is not a loophole of interface but because of friends concept. Whenever you are doing friends class it gives unlimited access to the private variables of class in relationship. In this example interface is just a medium to access the private variables. It could have been the same instead if we used a class.

    • Thank you Manish for stopping by and writing your thoughts. But we believe that the Private variables are not Visible to the Friends as well.. Are we wrong?

      Please correct us if we are assuming something different.

      Regards,
      Team SAPYard.

      • Hi,

        “Private variables are not Visible to the Friends as well..”
        here i am assuming that you are referring to friend class, but friend concept is mean to access private memebers

LEAVE A REPLY

Please enter your comment!
Please enter your name here