-
Notifications
You must be signed in to change notification settings - Fork 34
BundledSignatures
Uwe Schindler edited this page Mar 23, 2024
·
21 revisions
The JAR file contains the following signatures and can be used in Maven or Ant using <bundledSignatures>. All signatures are versioned against the specified JDK version:
-
jdk-unsafe-*: Signatures of "unsafe" methods that use default charset, default locale, or default timezone. For server applications it is very stupid to call those methods, as the results will definitely not what the user wants (for Java*= 1.7, 1.8, 9,..., 22; Ant / Maven / Gradle automatically add the compile Java version). -
jdk-deprecated-*: This disallows all deprecated methods from the JDK (for Java*= 1.7, 1.8, 9,..., 22; Ant / Maven / Gradle automatically add the compile Java version). -
jdk-internal-*: Lists all internal packages of the JDK as of Security.getProperty("package.access"). Calling those methods will always trigger security manager and is completely forbidden from Java 9 on (for Java*= 1.7, 1.8, 9,..., 22; Ant / Maven / Gradle automatically add the compile Java version, since forbiddenapis v2.1). -
jdk-non-portable: Signatures of all non-portable (likecom.sun.management.HotSpotDiagnosticMXBean) or internal runtime APIs (likesun.misc.Unsafe). This is a superset of jdk-internal. Internally this is implemented using heuristics: Any reference to an API that is part of the Java runtime (rt.jar, extensions, Java 9+java.* / jdk.*core modules) and is not part of the Java SE specification packages (mainlyjava,javax, but alsoorg.ietf.jgss,org.omg,org.w3c.dom, andorg.xml.sax) is forbidden (any java version, no specific JDK version, since forbiddenapis v2.1). -
jdk-system-out: On server-side applications or libraries used by other programs, printing toSystem.outorSystem.erris discouraged and should be avoided (any java version, no specific version). -
jdk-reflection: Reflection usage to work around access flags fails with SecurityManagers and likely will not work anymore on runtime classes in Java 9 or later (any java version, no specific version, since forbiddenapis v2.1). -
commons-io-unsafe-*: If your application uses the famous Apache Common-IO library, this adds signatures of all methods that depend on default charset (for versions*= 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.15.1).