Module accessibility

David M. Lloyd david.lloyd at redhat.com
Thu Dec 22 08:07:21 PST 2011


On 12/22/2011 05:03 AM, Jesse Glick wrote:
> They would still work, but you may want to ban outside access to
> implementation packages despite their containing public members. For
> this case also, an explicit list of "exports" clauses would work if
> recompiling with -source 8 or using 'jar uvf *.jar module-info.class'.

Just a quick note on this - it's not really clear what banning outside 
access would entail here.  Normal accessibility rules would be a 
sufficient check at compile-time for sure.  But at run-time, if you have 
a module's class loader, unless you use slow/clunky/possibly error-prone 
call stack introspection on every class load request you can't really 
enforce this visibility constraint.  So pretty much all you can do to 
enforce this rule is:

1. Only link exported paths (which is already the case, for us at least)
2. Prevent unauthorized access to a module's class loader (via 
Permission) when a security manager is present (we use a general 
RuntimePermission for all modules but I think for the JDK usage we 
could/should be more fine-grained)

I view module ClassLoader access as analogous to having a 
java.lang.reflect.Method which has its "accessible" attribute set to 
true.  Basically anyone who has the reference the the ClassLoader has 
full access to the module.  So yeah this means that any non-public class 
in a public and imported package can be *loaded* by, say, 
Class.forName("org.blah.Name",false,moduleClassLoader) but the normal 
accessibility checks would apply.

The alternative is to add more run-time checks; the performance penalty 
could be substantial.
-- 
- DML



More information about the jigsaw-dev mailing list