Feedback on proposal for #ReflectiveAccessToNonExportedTypes

Andrew Dinn adinn at redhat.com
Fri Jul 8 08:17:52 UTC 2016 

On 07/07/16 23:31, Paul Benedict wrote:
> It should be pointed out that the only reason IoC containers can succeed
> with setAccessible() is because developers commonly run without the
> Security Manager enabled. People who use IoC want to this circumvention on
> purpose. It's not an oversight -- it's intended. As far as I am concerned,
> if you're a module running inside of my application, I have every right to
> reflect into every you. That's my right, of course, unless I have
> explicitly turned on the Security Manager. So if I want the magic, I can
> have it. If I want to forbid it, I can.... but I do not buy into the
> argument the Module System is doing me a favor by preventing me (de facto)
> from reflecting into the non-exported types.

That's not quite correct. Another way IoC containers can succeed with
setAccessible() is for their developers to run with the
Security Manager very carefully and specifically enabled to allow their
own privileged code to use setAccessible(). When my agent runs inside
EAP or Wildfly it has to establish a security policy that allows it to
use reflection because that option is not granted to it by default.

Luckily, the use of a security policy for this purpose is something that
can be configured external to the code i.e. without having to rebuild,
redistribute and redeploy the applications, the container and the
enormous array of 3rd party components it depends on.

Well, no, I take that last point back. Of course, it happened by design
rather than by luck -- because it was driven by pragmatic, practical
concerns rather than a model of how applications ought to be written.

> If this restriction stays (and I am really hoping it doesn't), my next best
> hope is for Containers like WildFly, Tomcat, SpringBoot etc. to enable me
> to do this. If the Layer has a hook into amending the Module Descriptor,
> then I am hoping each Container will automatically set "dynamic" to each
> non-exported package. I think this will be a highly requested and
> sought-after feature.

It will also be a rather dangerous feature to enable. A more restricted
model for managing access would be far preferable.

regards,


Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander

More information about the jigsaw-dev mailing list