• Home
• de.thetaphi
• forbiddenapis
• 3.8
• source code
• bundled-signatures.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

forbiddenapis-3.8.src.main.docs.bundled-signatures.html Maven / Gradle / Ivy

Bundled Signatures Documentation

The JAR file contains the following signatures and can be used in Ant, Maven, or Gradle using <bundledSignatures>.
All signatures are versioned against the specified JDK version: 



jdk-unsafe-*: Signatures
of "unsafe" methods that use default charset, default locale, or default timezone. For server applications it is very
stupid to call those methods, as the results will definitely not what the user wants
(for Java * = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version).

jdk-deprecated-*: This disallows all deprecated
methods from the JDK (for Java * = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version).

jdk-internal-*: Lists all internal packages of the JDK as of Security.getProperty("package.access").
Calling those methods will always trigger security manager and is completely forbidden from Java 9 on
(for Java * = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version, since forbiddenapis v2.1).

jdk-non-portable: Signatures of all non-portable (like com.sun.management.HotSpotDiagnosticMXBean)
or internal runtime APIs (like sun.misc.Unsafe). This is a superset of jdk-internal.

Internally this is implemented using heuristics: Any reference to an API that is part of the Java runtime (rt.jar, extensions,
Java 9+ java.* / jdk.* core modules) and is not part of the Java SE specification packages
(mainly java, javax, but also org.ietf.jgss, org.omg, org.w3c.dom, and org.xml.sax) is forbidden
(any java version, no specific JDK version, since forbiddenapis v2.1).


jdk-system-out: On server-side applications or libraries used by other programs, printing to
System.out or System.err is discouraged and should be avoided (any java version, no specific JDK version).

jdk-reflection: Reflection usage to work around access flags fails with SecurityManagers
and likely will not work anymore on runtime classes in Java 9 or later (any java version, no specific JDK version, since forbiddenapis v2.1).

commons-io-unsafe-*: If your application uses the famous Apache Common-IO library,
this adds signatures of all methods that depend on default charset
(for versions * = 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.15.1, 2.16.0, 2.16.1, 2.17.0).