- CSR
- Resolution: Approved
- P4
- source, behavioral
- minimal
- Java API
- JDK
Summary
With the removal of the security manager in JEP 486, access to sun.reflect.getReflectionFactory() is not restricted.
Problem
JEP 486: Permanently Disable the Security Manager removed the restriction on access to sun.reflect.ReflectionFactory. The unsupported API ReflectionFactory provides access to the master factory for all reflective objects, both those in java.lang.reflect (Fields, Methods, Constructors) and their delegates (FieldAccessors, MethodAccessors, ConstructorAccessors).
Among the uses of ReflectionFactory was the construction of objects for serialization.
Solution
Calling sun.reflect.ReflectionFactory() no longer limits access, because there is no SecurityManager to impose a restrictive policy.
Specification
The javadoc of sun.reflect.ReflectionFactory() is reduced to:
/**
* Provides the caller with the capability to instantiate reflective
* objects.
*
* <p> The returned <code>ReflectionFactory</code> object should be
* carefully guarded by the caller, since it can be used to read and
* write private data and invoke private methods, as well as to load
* unverified bytecodes. It must never be passed to untrusted code.
*/
public static ReflectionFactory getReflectionFactory() {...}
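With no SecurityManager policy gating the call, finding which code obtains the factory becomes a build-time audit. The following is an added example, not part of the CSR or the JDK: a Python scanner that parses the constant pool of every class in a jar and reports the classes that reference sun/reflect/ReflectionFactory. TARGET, SIZES, class_refs, scan_jar and demo_class are names chosen here, and demo_class builds constructed sample input.

```python
import struct
import zipfile

TARGET = "sun/reflect/ReflectionFactory"  # class name in JVM internal (slash) form
# Fixed payload sizes per constant-pool tag (JVMS 4.4); tag 1 (Utf8) is variable length.
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def class_refs(data):
    """Return the names of all CONSTANT_Class entries in one .class file."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    count = struct.unpack_from(">H", data, 8)[0]
    pos, idx, utf8, classes = 10, 1, {}, []
    while idx < count:
        tag = data[pos]
        pos += 1
        if tag == 1:  # Utf8: 2-byte length, then the bytes
            (n,) = struct.unpack_from(">H", data, pos)
            utf8[idx] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in SIZES:
            if tag == 7:  # Class: index of the Utf8 entry holding its name
                classes.append(struct.unpack_from(">H", data, pos)[0])
            pos += SIZES[tag]
        else:
            raise ValueError(f"unknown constant-pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long and double occupy two slots
    return {utf8[i] for i in classes if i in utf8}

def scan_jar(jar):
    """List .class entries of a jar (path or file object) that reference TARGET."""
    hits = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                try:
                    if TARGET in class_refs(zf.read(name)):
                        hits.append(name)
                except (ValueError, struct.error, IndexError):
                    hits.append(name + " (unparseable)")  # report, do not skip
    return sorted(hits)

def demo_class(*names):
    """Constructed sample: class-file header plus constant pool only (not loadable)."""
    pool = b"".join(
        b"\x01" + struct.pack(">H", len(n)) + n.encode()
        + b"\x07" + struct.pack(">H", 2 * i + 1) for i, n in enumerate(names))
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2 * len(names) + 1) + pool
```

Code that looks the class up by name through Class.forName leaves no class constant, so this check does not report it.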
- csr of JDK-8344327 SM cleanup in jdk.unsupported ReflectionFactory - Resolved