Hi Rafael,
On 13/06/2021 22:28, Rafael Winterhalter wrote:
Furthermore, it is difficult to create a working facade for dispatching to
the security manager only if it is available. Methods like
AccessController.doPrivileged are caller sensitive and by adding a utility
to a library, this utility would leak to any potential user. It would
therefore require package-private dispatchers for any relevant package,
which would lead to a lot of copy-paste to retain backwards compatibility
(given that a library cannot assume to be run as a module).
Here's my attempt / idea for such a utility which uses
MethodHandles.Lookup as an additional argument in order to dispatch to a
caller-sensitive AccessControler.doPrivileged:
https://gist.github.com/plevart/ec333cb2c3a0306793961e8fb223bc98
I don't know whether this helps much in your situation because apps
currently using AccessControler.doPrivileged would have to 1st migrate
to using such utility wrapper so you would have to provide an
independent module containing it. But it is a possible solution in the
long run when AccessControler API is removed from JDK.
Regards, Peter
