Should setAccessible be part of Java or not? (was Re: It's not too late for access control)

David M. Lloyd david.lloyd at redhat.com
Thu Jul 14 13:41:52 UTC 2016 

On 07/14/2016 05:28 AM, Alan Bateman wrote:
> On 14/07/2016 11:16, Andrew Haley wrote:
>
>> :
>> OK.  But "in the very long term" such a basic language change needs
>> all stakeholders to be consulted.
> I agree (although it's not really a language change in that it's API way
> to suppress access checks specified by the language).
>
>> :
>> Yes, indeed, and that is potentially a significant problem.  My
>> comment stands: there is a serious possibility that his will make it
>> impossible to use (non-exported) Jigsaw modules for some kinds of
>> programming.  This is exactly the kind of decision that needs all
>> stakeholders to be consulted.
>>
>> It ought to be possible to have some kind of conditional export which
>> only allows such access by (e.g.)  suitably privileged frameworks or
>> tools.  But I have no desire to get involved in such design issues: I
>> am only going to say that this is an issue which requires wider
>> consultation.
>>
> This is #ReflectiveAccessToNonExportedTypes on the JSR 376 issues list.
> The problem is reasonably well understood and there are several
> proposals and approaches being discussed and considered.

An important aspect of my proposal is that, by separating exports from 
accessibility, any framework which operates on public classes will 
continue to work without any modifications to exports.  Dropping 
'setAccessible' becomes more of a likelihood when frameworks have *some* 
option (like the ability to reflect any public class) available to them; 
even if it means, long-term, that these specifications and frameworks 
slowly have to make their way towards operating only on public classes.

In fact I would say that it makes a hypothetical migration path 
available for this purpose:

Time  Action
----  ------
    0  Jigsaw introduces friend packages
    1  Frameworks slowly move to hide non-public public things
    n  Java makes setAccessible() disablable via some --safe-mode switch
       Users begin to move to public types for their frameworked classes
    m  Java makes --safe-mode the default, adds --unsafe-mode for legacy 
things
       More users move to public types
    z  Java drops support for --unsafe-mode, setAccessible throws UOE 
forever after

In this example, n could even equal 0 - that is, we could start this 
right now.

-- 
- DML

More information about the jigsaw-dev mailing list