Should setAccessible be part of Java or not? (was Re: It's not too late for access control)

Jason Greene jason.greene at redhat.com
Thu Jul 14 22:25:05 UTC 2016


> On Jul 14, 2016, at 5:07 PM, John Rose <john.r.rose at oracle.com> wrote:
> 
> On Jul 14, 2016, at 4:51 AM, Andrew Haley <aph at redhat.com> wrote:
>> 
>> Forgive me if I've missed something, but
>> #ReflectiveAccessToNonExportedTypes does not deal with the need to
>> make fields or methods accessible to the framework.  That's what
>> setAccessible is used for.  It would certainly be nice for a
>> framework to be able to say "make it accessible, but only to me."
> 
> Saying setAccessible is like "borrowing" (without owner permission) a
> key to one locked door, if a non-public method is like a locked door.

Not to sound like a broken record, but not all systems want the module to control its own security. They want an intermediary.

And that's a perfectly fine and reasonable security model.

> 
> Today's MethodHandles.Lookup object gives another way to open such
> doors.  But you have to obtain the lookup object from a party that already
> has access rights.  It is like the owner of a building (a class) giving a key
> which opens all the doors in the building, or all the doors not marked "Private".
> 
> With both setA Methods and Lookups, once you have the key in hand,
> you have to lock it up to prevent bad guys from stealing it from you.
> And if you loan it out, you have to loan it to trustworthy parties.
> 
> Somewhere in between the two (unrestricted "borrowing" vs. direct delegation
> of original access rights) must be some better conventions for reflecting into frameworks.
> 
> — John

--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
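
The two kinds of "key" contrasted in the quoted message, as an added example that is not part of either poster's message: `setAccessible` used without the owner's involvement, versus a `MethodHandles.Lookup` that the owning class hands out itself. The classes `Account`, `Framework` and `AccessDemo` and the method `lendKey` are hypothetical names chosen for illustration; the sketch assumes all classes sit in the same unnamed module with no SecurityManager installed.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Method;

// Hypothetical application class: secret() is the "locked door".
class Account {
    private String secret() { return "balance=42"; }

    // Owner-controlled delegation: a Lookup created here carries Account's own
    // access rights, so whoever receives it can open Account's private members.
    static MethodHandles.Lookup lendKey() { return MethodHandles.lookup(); }
}

// Hypothetical framework, a separate top-level class with no rights to Account's privates.
class Framework {
    private static final MethodType SIG = MethodType.methodType(String.class);

    // "Borrowing": Account is never asked. Succeeds here only because both classes
    // share the unnamed module and no SecurityManager is installed (assumption).
    static String viaSetAccessible(Account a) throws ReflectiveOperationException {
        Method m = Account.class.getDeclaredMethod("secret");
        m.setAccessible(true);
        return (String) m.invoke(a);
    }

    // A Lookup created inside Framework has only Framework's rights:
    // findVirtual on Account's private method throws IllegalAccessException.
    static String viaOwnLookup(Account a) throws Throwable {
        MethodHandle mh = MethodHandles.lookup().findVirtual(Account.class, "secret", SIG);
        return (String) mh.invoke(a);
    }

    // Delegation: the key comes from Account. The framework must guard it,
    // because anyone holding this Lookup gets the same access.
    static String viaDelegatedLookup(MethodHandles.Lookup key, Account a) throws Throwable {
        MethodHandle mh = key.findVirtual(Account.class, "secret", SIG);
        return (String) mh.invoke(a);
    }
}

public class AccessDemo {
    public static void main(String[] args) throws Throwable {
        Account a = new Account();
        System.out.println("setAccessible:    " + Framework.viaSetAccessible(a));
        try {
            Framework.viaOwnLookup(a);
            System.out.println("own lookup:       unexpectedly allowed");
        } catch (IllegalAccessException e) {
            System.out.println("own lookup:       denied (IllegalAccessException)");
        }
        System.out.println("delegated lookup: " + Framework.viaDelegatedLookup(Account.lendKey(), a));
    }
}
```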



More information about the jigsaw-dev mailing list