JEP 411: Deprecation with removal would break most existing Java libraries

[Rafael Winterhalter]

Hi Peter,
thanks for the suggestion. Byte Buddy still baselines to Java 5,
unfortunately method handles are not an option at this point. I am looking
into writing a Byte Buddy build plugin that discovers calls to
PrivilegedAction.run and wraps those in a reflection-based AccessController
invocation. This does however not cover all corner cases. I have tabled the
problem for now and will see how and if other libraries adapt.
Best regards, Rafael

Am Di., 15. Juni 2021 um 09:20 Uhr schrieb Peter Levart <
peter.levart at gmail.com>:

> Hi Rafael,
>
> On 13/06/2021 22:28, Rafael Winterhalter wrote:
> > Furthermore, it is difficult to create a working facade for dispatching
> to
> > the security manager only if it is available. Methods like
> > AccessController.doPrivileged are caller sensitive and by adding a
> utility
> > to a library, this utility would leak to any potential user. It would
> > therefore require package-private dispatchers for any relevant package,
> > which would lead to a lot of copy-paste to retain backwards compatibility
> > (given that a library cannot assume to be run as a module).
>
>
> Here's my attempt / idea for such a utility which uses
> MethodHandles.Lookup as an additional argument in order to dispatch to a
> caller-sensitive AccessControler.doPrivileged:
>
> https://gist.github.com/plevart/ec333cb2c3a0306793961e8fb223bc98
>
>
> I don't know whether this helps much in your situation because apps
> currently using AccessControler.doPrivileged would have to 1st migrate
> to using such utility wrapper so you would have to provide an
> independent module containing it. But it is a possible solution in the
> long run when AccessControler API is removed from JDK.
>
>
> Regards, Peter
>
>