> On Aug 23, 2017, at 1:49 AM, Alan Bateman <alan.bate...@oracle.com> wrote:
>
> On 16/08/2017 02:09, Russell Gold wrote:
>> :
>>
>> but:
>>
>> method.getDeclaringClass().getModule().isOpen("java.io",
>> callingClass.getModule())
>> -> true // which seems to say that it IS open to that
>> particular unnamed module ?!
>>
>>
> As Mandy points out, isOpen(String) is used to test if a package is open to
> all modules. In the example, java.io is open to all unnamed modules but is
> not open to all modules.
When you say it is open to all unnamed modules, do you mean open with warnings?
How do you declare a module open? I don’t see that in the current module
documentation. Why is it only open to unnamed modules, and how can we detect
that a warning would be given? Our goal is to avoid the manipulations that will
result in warnings (and therefore be forbidden in future versions of Java).
> Is the context CORBA and IIOP deserialization? I'm curious what is
> interesting in java.io that isn't provided by the updated ReflectionFactory
> API. As you know, the JDK's java.corba module was updated to use this and so
> avoids depending on java.io internals.
This is not related to IIOP, but some proprietary deserialization, which was
written using some rather nasty manipulations via reflection. The code in
question allows us to detect that those tricks won’t work (without warnings),
and gracefully degrade to an alternative, albeit slower, implementation.
Because of the way it works, ReflectionFactory is insufficient. The goal is to
recognize which reflection calls are likely to be permitted, and which are not.
It is a step away from the current hack. In practice, it means that it works
one way in JDK8 and a different way in JDK9 or later.
