
Java 7u40 Java SE 8 sun.reflect.Reflection.getCallerClass [closed]

I have read the following post:

Oracle Discontinuing sun.reflect.Reflection.getCallerClass

I was wondering what this change really means.

1). Means that this class sun.reflect.Reflection.getCallerClass will be rewritten to provide more security in Java reflection?

2). Means this class will no more be needed? maybe another approach?

3). Reflection will be over in Java 8. method.invoke will throw UnsupportedOperationException.??

4). this will affect anything related to Spring or AspectJ Aspect Oriented Programming?

I was wondering because we use Reflection method.invoke to provide some flags to the class before being sent to the DB. This raises another question: if reflection is over, what approach can I use to provide my behavior above? I think AOP is a way to go.

Thanks a lot.

javiut asked Dec 27 '22 00:12


1 Answer

Short answer: you only need to worry if you use sun.reflect.Reflection.getCallerClass. (And it is ludicrous to suggest that Java reflection is being withdrawn.)

A longer answer is that the functionality provided by that method is being reworked in JEP 176. The old method is actually being removed ... not just deprecated. It is a method in the sun.* tree, and application code should not be calling it directly. The current plan seems to be:

  • to remove this functionality entirely if no valid use cases can be identified, or

  • provide a replacement API, or at least defer the hard removal of the current method from Java 7


The original primary use-case for this private API was for security managers and the like that needed to know who called them. Unfortunately, this approach has proven to be fragile. A new approach to that problem (using message handles) has been designed. Rather than leaving this API in place for application code to use willy-nilly for dubious purposes, they have decided to force the issue.

However, there are signs of push-back on this issue because it is causing breakages in things like Groovy and JRuby.

References:


Your specific questions:

1). Means that this class sun.reflect.Reflection.getCallerClass will be rewritten to provide more security in Java reflection?

See above. I suspect that there is a security related motivation for this.

UPDATE - This confirms it: https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf

2). Means this class will no more be needed? maybe another approach?

See above. They haven't yet determined whether the functionality is needed.

3). Reflection will be over in Java 8. method.invoke will throw UnsupportedOperationException.??

No to both of these. This is just about a specific method of a specific class in the sun.* packages.

It does not impact on reflection in general or on method.invoke().

4). this will affect anything related to Spring or AspectJ Aspect Oriented Programming?

Probably not. It would only affect those technologies if they relied on that particular method. If they do, then the respective library maintainers will need to ensure that the Java team are aware of the use-cases that require this. I imagine the maintainers are tracking this.

Stephen C answered Mar 03 '23 11:03
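The answer's "you only need to worry if you use sun.reflect.Reflection.getCallerClass" can be checked mechanically. The following is an added example, not part of the original question or answer: it parses the constant pool of each class in a jar and reports classes holding a direct method reference to that method. The function names and the `sample_class` input builder are constructed for this illustration, and the parser assumes well-formed class files.

```python
import struct
import zipfile

TARGET = ("sun/reflect/Reflection", "getCallerClass")
# Payload size in bytes of each fixed-width constant-pool tag (JVM spec 4.4).
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def u2(buf, pos=0):
    return struct.unpack_from(">H", buf, pos)[0]

def sample_class(owner, name):
    """Constructed test input: class-file header plus a pool with one Methodref."""
    utf8 = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = (utf8(owner) + b"\x07\x00\x01"               # 1: Utf8, 2: Class -> 1
            + utf8(name) + utf8("()Ljava/lang/Class;")  # 3: name, 4: descriptor
            + b"\x0c\x00\x03\x00\x04"                   # 5: NameAndType -> 3, 4
            + b"\x0a\x00\x02\x00\x05")                  # 6: Methodref -> 2, 5
    return b"\xca\xfe\xba\xbe\x00\x00\x00\x33" + struct.pack(">H", 7) + pool

def calls_target(data):
    """True if the class file's constant pool holds a Methodref to TARGET."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        return False
    pool, pos, idx, count = {}, 10, 1, u2(data, 8)
    while idx < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:                                    # Utf8: u2 length + bytes
            n = u2(data, pos)
            pool[idx] = (tag, data[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
            pos += 2 + n
        elif tag in SIZES:
            pool[idx] = (tag, data[pos:pos + SIZES[tag]])
            pos += SIZES[tag]
        else:
            return False                                # unknown tag: give up
        idx += 2 if tag in (5, 6) else 1                # long/double use two slots
    for tag, ref in pool.values():
        if tag == 10:                                   # Methodref: class, name+type
            owner = pool[u2(pool[u2(ref)][1])][1]
            name = pool[u2(pool[u2(ref, 2)][1])][1]
            if (owner, name) == TARGET:
                return True
    return False

def scan_jar(jar):
    """Names of .class entries in a jar (path or file object) that call TARGET."""
    with zipfile.ZipFile(jar) as z:
        return sorted(n for n in z.namelist()
                      if n.endswith(".class") and calls_target(z.read(n)))
```

A clean result only rules out direct calls; code that reaches the method reflectively by name leaves no Methodref and is not detected by this check.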