Alan Bateman wrote:
On 09/07/2016 08:46, Simon Nash wrote:
I think this a very important point. If someone wanted to reimplement
Java serialization (java.io.ObjectOutputStream, etc.) as an external
library
(com.foo.ObjectOutputStream, etc.), the new restrictions on reflective
access in JDK 9 would prevent this.
If there are types in non-exported packages in the serial form then it
could be an issue. Some serialization libraries are based on Unsafe and
sun.reflect.ReflectionFactory, both "critical internal APIs" that
continue to be available via the jdk.unsupported module. More on this in
JEP 260 [1].
-Alan
[1] http://openjdk.java.net/jeps/260
Is it really a good idea to encourage packages that currently use reflection
to access non-exported private fields (an official part of the Java API) to
change to using internal APIs? This seems like a step backwards to me.
Simon