Replacing Unsafe.allocateInstance

Henri Tremblay henri at
Tue Jun 30 17:25:12 UTC 2015

Thanks. That was my understanding.

So I would put the same kind of restriction on the new API. Something close
to "suppressAccessChecks" used in setAccessible

On 30 June 2015 at 13:19, Chris Hegarty <chris.hegarty at> wrote:

> On 30 Jun 2015, at 16:03, Henri Tremblay <henri at> wrote:
> ….
> > Then, I want to make sure I got the security problem right. Right now,
> the
> > ReflectionFactory isn't protected by anything apart the fact the it is
> in a
> > sun.* package. So if we move it in a java.* package, we will need to
> > provide a way to add security to it. Am I getting it?
> sun.* is on the restricted package list and not directly accessible by
> untrusted code ( when running with a security manager ).
> -Chris

More information about the jdk9-dev mailing list