Should setAccessible be part of Java or not? (was Re: It's not too late for access control)

[Alan Bateman]

On 14/07/2016 10:03, Andrew Haley wrote:

> On 14/07/16 09:59, Andrew Dinn wrote:
>> If this aspect of how Java currently works is to be removed then I
>> believe it needs to be done so on the basis of a publicly established
>> consensus, preferably under the aegis of the JSR EG. It certainly does
>> not seem right to me that  such a goal should be adopted by an
>> implementation team without such consultation.
> It goes much wider than Jigsaw: such a basic language change needs all
> stakeholders to be consulted.  Most of them surely won't be reading
> the Jigsaw list, yet will still be affected.
>
This project (and JSR) is not proposing to remove setAccessible as that 
would break many things. The comment that Andrew Dinn picked up started 
with "In the very long term ..." and is a throw away comment on where 
the platform needs to go long term. In general then we need to find 
better solutions for things that setAccessible is used for today. That 
could take years and many major releases. It's a bit like the Unsafe 
issue in that regard.

Confusion aside, we have taken a first baby step towards degrading 
setAccessible so that it can't be used to break into non-exported 
packages. There was discussion about this on the EG mailing list last 
year, much discussion on it here too.

Agents (Andrew Dinn's main interest I think) have the power to change 
bytecode and extend modules at runtime to break encapsulation. I don't 
think there is anything to be overly concerned here.

-Alan