setAccessible() alternative with Jigsaw

[Alan Bateman]

On 31/03/2017 14:46, Matej Novotny wrote:

> Hello,
>
> I work on Weld, context dependency injection framework.
> Long story short - we need to generate proxies for classes - bytecode which we then "register" with the class loader using java.lang.ClassLoader#defineClass.
>
> Obviously, for this you need reflections - to load java.lang.ClassLoader, then to load the method itself, and most importantly, to make the method accessible cause it's `protected`.
> In JDK 9, this blows up as soon as you try to make the method accessible (invocation of setAccessible).
>
> Fair enough, but what is the "legitimate" alternative?
> I know I can --add-opens  / --add-opens / --permit-illegal-access
> But all those just bypass the checks and don't really solve it. I am looking for an intended way to do such stuff.
> I am pretty sure there are many frameworks which need to do this in one way or the other.
>
> So far I have found workarounds which involve using `sun.misc.Unsafe` because there (for some reason) you are allowed to invoke setAccessible().
> Is this the official intended backdoor? Because it sure does not look any safer/cleaner solution than the original one...
>
As Claes pointed out, look at Lookup.defineClass. It shouldn't be too 
hard to imagine a future update of the CDI spec where there a select 
variant that includes a Lookup to the target class with the @Inject 
annotation. When using Weld outside of a container then I think there is 
main code that obtains the WeldContainer and selects the types, that 
might be a suitable place to extend to provide the Lookup to the library.

MethodHandles.privateLookupIn might also be useful to know about, esp. 
starting out when you don't want to make API changes and where the 
user's code is on the class path or in open modules.

-Alan