Am 17.05.2021 um 18:34 schrieb fo...@univ-mlv.fr:
----- Mail original -----
De: "Christian Beikov" <christian.bei...@gmail.com>
À: "Remi Forax" <fo...@univ-mlv.fr>
Cc: "jigsaw-dev" <jigsaw-dev@openjdk.java.net>
Envoyé: Lundi 17 Mai 2021 18:27:01
Objet: Re: Add reads to open module
Am 17.05.2021 um 18:10 schrieb Remi Forax:
----- Mail original -----
De: "Christian Beikov" <christian.bei...@gmail.com>
À: "jigsaw-dev" <jigsaw-dev@openjdk.java.net>
Envoyé: Lundi 17 Mai 2021 17:43:15
Objet: Fwd: Add reads to open module
Hi,
I have a use case where I generate some code and that code refers to
classes of some module B.
When the module A (an open module), into which I define that class, has
no read-edges to the module B, this fails saying that A does not read B.
That's fine and totally understandable, so I tried to add the following
code:
moduleA.addReads("moduleB.pkg", moduleB)
but this is not allowed as `addReads` only works if `this == callerModule`.
My workaround is to define a class into module A that can then call this
method.
Is there a reason to this limitation? I mean the module is open anyway,
so anyone can just define a class into it, so why not also allow calling
addReads?
It's basic security [1], you can not see something you do not ask for.
By example, if your module as a security issue, you don't want an attacker to be
able to see all other open modules from your module.
Right, but the module is open already, so I can do anything by injecting
code into that module. It's more of a usabulity question I guess,
because I'd rather just call `Module#addReads` directly instead of doing
this through a <clinit> or a dedicated class that I inject. Not sure how
the system is more secure by not allowing to call this method directly
in this case.
You can do that, because you control the command line, an attacker may not be
able to do the same thing.
Rémi
This has nothing to do with the command line. This is all in Java code.
