Am 17.05.2021 um 18:10 schrieb Remi Forax:
----- Mail original -----
De: "Christian Beikov" <christian.bei...@gmail.com>
À: "jigsaw-dev" <jigsaw-dev@openjdk.java.net>
Envoyé: Lundi 17 Mai 2021 17:43:15
Objet: Fwd: Add reads to open module
Hi,
I have a use case where I generate some code and that code refers to
classes of some module B.
When the module A (an open module), into which I define that class, has
no read-edges to the module B, this fails saying that A does not read B.
That's fine and totally understandable, so I tried to add the following
code:
moduleA.addReads("moduleB.pkg", moduleB)
but this is not allowed as `addReads` only works if `this == callerModule`.
My workaround is to define a class into module A that can then call this
method.
Is there a reason to this limitation? I mean the module is open anyway,
so anyone can just define a class into it, so why not also allow calling
addReads?
It's basic security [1], you can not see something you do not ask for.
By example, if your module as a security issue, you don't want an attacker to
be able to see all other open modules from your module.
Right, but the module is open already, so I can do anything by injecting
code into that module. It's more of a usabulity question I guess,
because I'd rather just call `Module#addReads` directly instead of doing
this through a <clinit> or a dedicated class that I inject. Not sure how
the system is more secure by not allowing to call this method directly
in this case.
Regards,
Christian
regards,
Rémi
[1] https://en.wikipedia.org/wiki/Defense_in_depth_(computing)
