On 27/08/2014 21:13, David M. Lloyd wrote:
I don't know about that. We're talking, as always, about the concepts
of visibility as opposed to accessibility. Until now, all discussion
has been in the context of visibility, which as I said (and MR agreed)
is easily subverted - but then MR said he intends to "enforce module
boundaries via access-control checks in the VM" which blurs the line
considerably. So if we're now moving into accessibility territory
across class loaders, we're definitely and squarely overlapping with
AccessController and its related facilities - i.e. "does module X have
permission to import module Y?". This is clearly a permission check,
exactly like those done against the protection domain(s) of the
module's class loader - why introduce a new mechanism when an existing
matching solution exists?
For access control then think how accessibility specified in the JLS and
JVMS might evolve rather than java.security.AccessController,
permissions, and the security manager world. This is all discussion for
a future JEP and JSR of course.
-Alan
