Hello,
In CXF we use org.apache.cxf.transport.http.ReferencingAuthenticator to create a chain of org.apache.cxf.transport.http.CXFAuthenticators. Every time we add a new CXFAuthenticator we set the new link as the default authenticator and link to the old head. This is so we can delegate the static call Authenticator.requestPasswordAuthentication() to a non-static list of instances of CXFAuthenticator. When Authenticator.requestPasswordAuthentication() is called, the JDK pass es in the requesting host, port, protocol, scheme etc... which get set as private variables on the current head ReferencingAuthenticator and then ReferencingAuthenticator.getPasswordAuthentication() gets called. ReferencingAuthenticator.getPasswordAuthentication() uses deep reflection to copy the private non-static variables of java.net.Authenticator from the head to each link in the chain before calling getPasswordAuthentication() on each of the wrapped CXFAuthenticators. This will no longer work in Java 9 with the new jigsaw module changes. We need a mechanism in Java 9 to copy those private variables from one authenticator to another for our Authenticator chain to work. The 2 options I see are: 1. Request Oracle to add setter methods for each variable (there are already getters) to the Authenticator API. 2. Request Oracle to add a "copyState" method to the Authenticator API which copies all private non-static variables of one Authenticator to another. Right now I am leaning towards options #2. What are your thoughts? Are there any other options to make this work with Java 9?
