Alan Bateman wrote:
On 09/07/2016 08:46, Simon Nash wrote:

I think this a very important point.  If someone wanted to reimplement
Java serialization (java.io.ObjectOutputStream, etc.) as an external library
(com.foo.ObjectOutputStream, etc.), the new restrictions on reflective
access in JDK 9 would prevent this.
If there are types in non-exported packages in the serial form then it could be an issue. Some serialization libraries are based on Unsafe and sun.reflect.ReflectionFactory, both "critical internal APIs" that continue to be available via the jdk.unsupported module. More on this in JEP 260 [1].

-Alan

[1] http://openjdk.java.net/jeps/260

Is it really a good idea to encourage packages that currently use reflection
to access non-exported private fields (an official part of the Java API) to
change to using internal APIs?  This seems like a step backwards to me.

 Simon

Reply via email to