http://mail.openjdk.java.net/pipermail/jigsaw-dev/2017-March/011557.html
On Fri, Mar 31, 2017 at 3:46 PM, Matej Novotny <manov...@redhat.com> wrote: > Hello, > > I work on Weld, context dependency injection framework. > Long story short - we need to generate proxies for classes - bytecode which > we then "register" with the class loader using > java.lang.ClassLoader#defineClass. > > Obviously, for this you need reflections - to load java.lang.ClassLoader, > then to load the method itself, and most importantly, to make the method > accessible cause it's `protected`. > In JDK 9, this blows up as soon as you try to make the method accessible > (invocation of setAccessible). > > Fair enough, but what is the "legitimate" alternative? > I know I can --add-opens / --add-opens / --permit-illegal-access > But all those just bypass the checks and don't really solve it. I am looking > for an intended way to do such stuff. > I am pretty sure there are many frameworks which need to do this in one way > or the other. > > So far I have found workarounds which involve using `sun.misc.Unsafe` because > there (for some reason) you are allowed to invoke setAccessible(). > Is this the official intended backdoor? Because it sure does not look any > safer/cleaner solution than the original one... > > Any thoughts appreciated > Matej