JDK-8164908 : ReflectionFactory support for IIOP and custom serialization
- Type: Bug
- Component: other-libs
- Sub-Component: corba
- Affected Version: 9
- Priority: P2
- Status: Closed
- Resolution: Fixed
- Submitted: 2016-08-27
- Updated: 2018-02-08
- Resolved: 2016-10-24
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 8 | JDK 9 | Other |
|---|---|---|
8u121Fixed  |
9 b142Fixed |
openjdk7uFixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
As things currently stand, code can use setAccessible(true) to break into non-public types/members in exported packages (but not non-exported packages). The proposal is to change this so that setAccessible(true) cannot be used to break in unless the package is open. This change will break the IIOP serialization/deserialization code. We thought it was using Unsafe but it is instead using core reflection + setAccessible(true). This will needed to be changed quickly as CORBA/IIOP will otherwise be broken. In addition, IIOP is using setAccessible(true) to get at non-public readObject/writeObject methods. We may have to add new methods to ReflectionFactory to help this use-case and change the IIOP implementation to use those.