> On 7 Nov 2017, at 13:54, Paul Sandoz <paul.san...@oracle.com> wrote:
>> 
>>> If it's not used by an indy, why do we need to test that? Also, why is it 
>>> not called in invoke?
>> 
>> …Enum.valueOf doesn't do a security check; that is its choice.
>> This means that if you pass it an enum type that is not public
>> or not in a package exported to you, you can still peek at its
>> enum values.  Meanwhile, when javac emits a reference to
>> an enum, it does so with getstatic.  The getstatic bytecode
>> *does* perform access checks.  The call to validateClassAccess
>> performs those checks, for alignment with the semantics
>> of getstatic.  The internal use of Enum.valueOf is just a detail
>> of the emulation of getstatic in the case of an enum.
>> 
>> (Note to self:  Never use enums to implement a shared
>> secrets pattern.)
>> 
>> For bootstrap methods I prefer to use the most restrictive
>> set of applicable access rules, handshaking with the lookup.
>> 
>> In the case of enums it doesn't matter much, as you say,
>> because Enum.valueOf leaves the door open.
>> 
> 
> Yes, Brian and I noticed that so we punted on the access control.
> 

Hold on… no we didn’t, we included the explicit access control check.

Paul.
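
The difference discussed in this thread, as an added example that is not part of the original messages or of the JDK sources: Enum.valueOf needs only the Class object, while a Lookup-based check refuses a caller that cannot access the type. The enum `Hidden`, the class `EnumAccessDemo` and its helper methods are hypothetical, and `Lookup.accessClass` is used as a stand-in for the `validateClassAccess` call named above, whose body the thread does not show.

```java
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;

public class EnumAccessDemo {

    // Unchecked path: Enum.valueOf performs no access check on the type.
    static <E extends Enum<E>> E viaValueOf(Class<E> type, String name) {
        return Enum.valueOf(type, name);
    }

    // Checked path: ask the caller's Lookup whether it may access the type,
    // then resolve. accessClass stands in for validateClassAccess (assumption).
    static <E extends Enum<E>> E viaLookup(Lookup caller, Class<E> type, String name)
            throws IllegalAccessException {
        caller.accessClass(type);
        return Enum.valueOf(type, name);
    }

    public static void main(String[] args) throws Exception {
        Lookup unprivileged = MethodHandles.publicLookup(); // public, exported types only
        Lookup samePackage = MethodHandles.lookup();        // this class's own access

        System.out.println("valueOf, no lookup:     " + viaValueOf(Hidden.class, "TOKEN"));
        System.out.println("checked, same package:  " + viaLookup(samePackage, Hidden.class, "TOKEN"));

        try {
            viaLookup(unprivileged, Hidden.class, "TOKEN");
            System.out.println("checked, public lookup: allowed (unexpected)");
        } catch (IllegalAccessException e) {
            System.out.println("checked, public lookup: denied");
        }

        // Resolving the constant as a static field read, the way getstatic
        // would, is refused through the same unprivileged lookup.
        try {
            unprivileged.findStaticGetter(Hidden.class, "TOKEN", Hidden.class);
            System.out.println("findStaticGetter:       allowed (unexpected)");
        } catch (IllegalAccessException e) {
            System.out.println("findStaticGetter:       denied");
        }
    }
}

// Constructed sample: a package-private enum, standing in for a type
// the caller is not supposed to be able to reference.
enum Hidden { TOKEN }
```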
