[PATCH] 4851444: Exposing sun.reflect.Reflection#getCallerClass as a public API in Java 8

Nick Williams nicholas+openjdk at nicholaswilliams.net
Sun Sep 1 15:58:43 UTC 2013


As Jörn pointed out, you can also use HTTP. Could you tell me which browser/version you're using? I'd love to figure out what's up with my HTTPS. I can access it in all my browsers.

I understand your point about making CallerSensitive public being a non-goal of JEP 176. But, if we're going to make getCallerClass public (which everyone in the community seems to want), we either have to also make @CallerSensitive public or just remove the security check of CallerSensitive's presence (which means CallerSensitive is no longer necessary).

Nick

On Sep 1, 2013, at 4:25 AM, Alan Bateman wrote:

> On 01/09/2013 09:16, Nick Williams wrote:
>> :
>> 
>> I believe I have followed all of the procedures as closely as possible. I await feedback and hope for some support on this, so that we can get a public replacement for this method in Java 8. Let me know if you have any questions.
>> 
> You may need to check your https server as it doesn't look like it's possible to establish a SSL connection ("no common encryption algorithms" is one of the errors I see).
> 
> Just to set expectations, you are proposing changes in an area that is very security sensitive. As your patches are not currently accessible then I can't say whether you have taken this into account or not. I bring it up because it will have an influence on what we do here. Your mail also mentions moving sun.reflect.CallerSensitive to java.lang but as I recall, this was an explicit non-goal of JEP 176. So I would suggest be prepared for changes to the proposal, also the potential to take time to get agreement on any new APIs. My comments are not meant in any way to discourage you, rather just to highlight that this is a sensitive area.
> 
> -Alan




More information about the core-libs-dev mailing list