Hi Matej,
there's a recent addition in Lookup.defineClass which might fit your need,
see:
http://mail.openjdk.java.net/pipermail/jigsaw-dev/2017-March/011557.html
Thanks!
/Claes
On 03/31/2017 03:46 PM, Matej Novotny wrote:
Hello,
I work on Weld, context dependency injection framework.
Long story short - we need to generate proxies for classes - bytecode which we then
"register" with the class loader using java.lang.ClassLoader#defineClass.
Obviously, for this you need reflections - to load java.lang.ClassLoader, then
to load the method itself, and most importantly, to make the method accessible
cause it's `protected`.
In JDK 9, this blows up as soon as you try to make the method accessible
(invocation of setAccessible).
Fair enough, but what is the "legitimate" alternative?
I know I can --add-opens / --add-opens / --permit-illegal-access
But all those just bypass the checks and don't really solve it. I am looking
for an intended way to do such stuff.
I am pretty sure there are many frameworks which need to do this in one way or
the other.
So far I have found workarounds which involve using `sun.misc.Unsafe` because
there (for some reason) you are allowed to invoke setAccessible().
Is this the official intended backdoor? Because it sure does not look any
safer/cleaner solution than the original one...
Any thoughts appreciated
Matej
