On 27/08/2017 05:00, Russell Gold wrote:
When you say it is open to all unnamed modules, do you mean open with
warnings? How do you declare a module open? I don’t see that in the
current module documentation. Why is it only open to unnamed modules,
and how can we detect that a warning would be given? Our goal is to
avoid the manipulations that will result in warnings (and therefore be
forbidden in future versions of Java).
The packages that existed in JDK 8 and still exist in JDK 9 are open to
code on the class path (or more generally all unnamed) modules to allow
existing bad code to continue to work. There is a detailed note in JDK 9
release notes [1] on this topic and there will be further details on
this in the upcoming JDK 9 docs.
There isn't any programmatic way to know in advance if a warning will be
printed. It's easy to test if packages are open to only all unnamed
modules but this isn't enough - the reason is that packages can be
opened explicitly, via --add-opens`, and there won't be warnings there
there an otherwise illegal access to a member of the packages opened
this way.
This is not related to IIOP, but some proprietary deserialization,
which was written using some rather nasty manipulations via
reflection. The code in question allows us to detect that those tricks
won’t work (without warnings), and gracefully degrade to an
alternative, albeit slower, implementation. Because of the way it
works, ReflectionFactory is insufficient. The goal is to recognize
which /reflection/ calls are likely to be permitted, and which are
not. It is a step away from the current hack. In practice, it means
that it works one way in JDK8 and a different way in JDK9 or later.
Have you looked at using multi-release JARs?
-Alan
[1] http://jdk.java.net/9/release-notes
