Replacement of sun.reflect.Reflection#getCallerClass

A. Sundararajan sundararajan.athijegannathan at oracle.com
Tue Sep 3 18:56:54 UTC 2013


Agree. I was just pointing that there are 'sensitive' packages and 
access to sensitive package classes - both normal linking reference and 
reflective reference by Class.forName - is security access checked. 
(i.e., there are Class objects that are security access protected as 
well - not just ClassLoader instances).

-Sundar

On Tuesday 03 September 2013 11:03 PM, Jochen Theodorou wrote:
> Am 03.09.2013 16:12, schrieb A. Sundararajan:
> [...]
>> If Groovy or any third-party framework gets away with that -- that is
>> because you need to use modified security policy that gives those
>> necessary permissions to groovy.jar or whatever third-party jar in
>> question.
>
> just think of us needing to build a runtime structure "copying" what 
> is in a normal class (plus some changes) available in terms of fields 
> and methods. If you don't generate that information (and you cannot 
> for unknown classes), then how can you get that without using 
> reflection and things like getDeclaredMethods. (not to mention several 
> properties and many other things).
>
> In other words: it is imho impossible to run even a single Groovy 
> program without giving it some permissions.
>
> bye Jochen
>




More information about the core-libs-dev mailing list