Relates :
|
|
Relates :
|
|
Relates :
|
As things currently stand, code can use setAccessible(true) to break into non-public types/members in exported packages (but not non-exported packages). The proposal is to change this so that setAccessible(true) cannot be used to break in unless the package is open. This change will break the IIOP serialization/deserialization code. We thought it was using Unsafe but it is instead using core reflection + setAccessible(true). This will needed to be changed quickly as CORBA/IIOP will otherwise be broken. In addition, IIOP is using setAccessible(true) to get at non-public readObject/writeObject methods. We may have to add new methods to ReflectionFactory to help this use-case and change the IIOP implementation to use those.