jackson-databind
jackson-databind copied to clipboard
JDK 16 and up / Illegal Access - Default Deny Field Access Request
All Reflective Access into JDK Internal's modules have been disabled by default in JDK 16 and above, The ability to override this in JDK 17 has been removed
Describe the solution you'd like Deny all Field access to any classes located in the jdk.internal module library (java.base/java.util/java.logging etc, making sure the implementation is safe for JDK 8 as well),
Use properties (get/set/is) only for all and any classes located in these closed packages
- Date
- LocalDateTime and the entire suite
- java.sql.xxx
- java.util.concurrent.atomic.xxxxx
Initial thoughts are :
- Implement the auto detect function to use None for fields by default for all classes located under the java. namespace, and javax namepsace
- perhaps a package-info mixin, not sure?
Usage example
class xMe
{
private LocalDate failOnIllegalAccessFieldAccess;
}
Additional context The change shouldn't impact anything backwards compatible, as the same fields used for serialization and deserialization do exists as properties in all the affected classes