CallerSensitive access rights problems
Tom Hawtin
tom.hawtin at oracle.com
Mon Nov 18 16:54:04 UTC 2013
On 18/11/2013 14:59, Jochen Theodorou wrote:
>
> java.lang.Class has multiple methods annotated with CallerSensitive (see
> http://hg.openjdk.java.net/jdk8/jdk8-gate/jdk/file/tip/src/share/classes/java/lang/Class.java).
> Now if we in Groovy here want to build our runtime structure for this
> class, and the security manager is not allowing access to sun.reflect,
> then we get into trouble. https://jira.codehaus.org/browse/GROOVY-6405
> is caused by this.
The stack trace in the bug report is running under Google App Engine. I
have no idea what GAE does about security. Anyway, it appears that that
you are trying to access an annotation under package.access applied to a
public class. If you are running untrusted code under a security
manager, I guess you just want to ignore those. Catching the security
exception seems more reliable that testing for a specific package name.
Tom
More information about the core-libs-dev
mailing list