How to get current java.net.Authenticator in Java 9 without reflection.
Andrew Guibert
aguibert at us.ibm.com
Wed Mar 29 16:29:18 UTC 2017
Hello all,
I am working on cleaning up some library dependencies of my product in
preparation for Java 9. One of the dependencies is Apache CXF, which tries
to wrap the default java.net.Authenticator with a custom CXFAuthenticator.
Currently the code uses reflection hacks to get the current Authenticator
and then wrap it, which obviously doesn't fly in Java 9.
Is there a proper way to get the current java.net.Authenticator?
If not, it seems like a new static method "public static Authenticator
Authenticator.getAuthenticator()" may be needed. Of course, there could be
j2sec access checks for this, but if code has permissions to set a new
Authenticator, I don't see any further security issues with allowing it to
read the current Authenticator.
More information about the jdk9-dev
mailing list