Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8164908

ReflectionFactory support for IIOP and custom serialization

    Details

    • Subcomponent:
    • Resolved In Build:
      b142
    • Verification:
      Verified

      Backports

        Description

        As things currently stand, code can use setAccessible(true) to break into non-public types/members in exported packages (but not non-exported packages). The proposal is to change this so that setAccessible(true) cannot be used to break in unless the package is open.

        This change will break the IIOP serialization/deserialization code. We thought it was using Unsafe but it is instead using core reflection + setAccessible(true). This will needed to be changed quickly as CORBA/IIOP will otherwise be broken.

        In addition, IIOP is using setAccessible(true) to get at non-public readObject/writeObject methods. We may have to add new methods to ReflectionFactory to help this use-case and change the IIOP implementation to use those.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  rriggs Roger Riggs
                  Reporter:
                  alanb Alan Bateman
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: