On 10/09/2015 12:22, Robert Muir wrote:
:
When looking at the current situation for elasticsearch, as far as
internal package usage, we aren't doing it ourselves, but today i've
still got to worry about:
1. sun.misc.* for the mmap "unmap hack" of lucene.
2. sun.security.ssl.* for some crazy code in the AWS api.
3. sun.reflect.* for something groovy is doing.
Some of these are may be "critical internal APIs" described in JEP 260
[1] so there is more time to work on those.
Its rare that java libraries use these internal packages in a "nice"
way (e.g. well-contained in accesscontroller block, fallback if its
not allowed/optional,. ...). Usually it is just direct usage and
nobody is aware or cares about it, because most people are not using
securitymanager.
If I understand you then you are finding these usages with JDK 7 and JDK
8 because you're forced to configure the security policy to grant access
to these sun.* packages. So some extent then it means you have a head start.
-Alan.
[1] http://openjdk.java.net/jeps/260
