§6. Object Teams API   Table of  Contents §8. Join point queries 

ObjectTeams/Java Language Definition - §7.

§7. Role encapsulation

Concepts of encapsulation

Protected roles A role with visibility protected cannot be externalized, which means its type cannot be used outside the declaring team (§1.2.3)
Confined roles Confined roles are encapsulated even stricter than protected roles: the compiler will ensure that by no means any object outside the enclosing team will ever have a reference to a confined role.
Opaque roles Opaque roles build on the guarantees of confined roles but allow to be shared in a limited way such that no information is exposed.

§7.1. Opaque roles

The purpose of the types IConfined (see §6.2(a)) is to define opaque roles: Any role implementing IConfined can be externalized using this type, such that external clients cannot access any features of the role. The type IConfined exposes no features and references of this type cannot be widened to any type not even to java.lang.Object.
If the actual role type is furthermore invisible outside the team (by not declaring it public), it is perfectly safe to externalize such roles using type IConfined (which is a public interface) and pass them back to the owning team. The encapsulation of the team is in no way breached by externalizing opaque roles, which can only be used as a handle into internal state of the team.

The difference between the two mentioned interfaces is that Team.IConfined requires to use this type or any subtype as externalized role. Such a reference contains the information of the enclosing team. Even stricter control can be imposed using the regular interface IConfined. Here not even team membership is visible to clients using a reference of this type.

§7.2. Confined roles

Subclassing Team.Confined with a protected class yields a role class to which no object outside the team will ever have a reference. The point here is that a role class with a regular super class will widen the this reference to the super class when executing a method from this class. Within such a method a danger of leaking the reference exists.
Subclasses of Team.Confined do not inherit any methods that have this danger.

(a) Inhibition of overriding
The types Team.IConfined and Team.Confined cannot be overridden (cf. §1.3.1(c)).

Upcoming: Only by widening to a non-role super-type, a role instance can be accessed from outside the team. In the future this can be inhibited by restricted inheritance.

1 
 public team class Company {
2 
   private HashMap employees;
3 
   ...
4 
   protected class Employee implements IConfined {
5 
     void pay(int amount) { ... }
6 
     ...
7 
   }
8 
   public IConfined getEmployee(String ID) {
9 
     return (IConfined)employees.get(ID); // cast needed because get returns Object
10 
   }
11 
   public void payBonus(IConfined emp, int amount) {
12 
     ((Employee)emp).pay(amount);
13 
   }
14 
 }

15 
 public class Main {
16 
   public static void main(String[] args) {
17 
     final Company comp = new Company();
18 
     comp.IConfined emp = comp.getEmployee("emp1");
19 
     //System.out.println(emp); <-- forbidden!
20 
     comp.payBonus(emp, 100);
21 
   }
22 
 }

Effects:

  §6. Object Teams API   Table of  Contents §8. Join point queries 
© Stephan Herrmann, Christine Hundt
OT/J Version 0.9 — Last modified: Wed Dec 20 2006