Replacement of sun.reflect.Reflection#getCallerClass
A. Sundararajan
sundararajan.athijegannathan at oracle.com
Tue Sep 3 18:56:54 UTC 2013
Agree. I was just pointing out that there are 'sensitive' packages and
access to sensitive package classes - both normal linking reference and
reflective reference by Class.forName - is security access checked.
(i.e., there are Class objects that are security access protected as
well - not just ClassLoader instances).
-Sundar
On Tuesday 03 September 2013 11:03 PM, Jochen Theodorou wrote:
> On 03.09.2013 16:12, A. Sundararajan wrote:
> [...]
>> If Groovy or any third-party framework gets away with that -- that is
>> because you need to use modified security policy that gives those
>> necessary permissions to groovy.jar or whatever third-party jar in
>> question.
>
> just think of us needing to build a runtime structure "copying" what
> is in a normal class (plus some changes) available in terms of fields
> and methods. If you don't generate that information (and you cannot
> for unknown classes), then how can you get that without using
> reflection and things like getDeclaredMethods? (Not to mention several
> properties and many other things).
>
> In other words: it is imho impossible to run even a single Groovy
> program without giving it some permissions.
>
> bye Jochen
>
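
The package-access check discussed in this thread, as an added example that is not part of the original messages or of any project's code. It assumes a JDK 7 or 8 runtime with the default java.security file and default policy; the class name PackageAccessDemo, the helper names and the two probed class names are choices made for this example.

```java
import java.security.Security;

public class PackageAccessDemo {
    // Mirrors the prefix match SecurityManager.checkPackageAccess applies to
    // the comma-separated "package.access" security property.
    static boolean isRestricted(String className, String packageAccess) {
        int dot = className.lastIndexOf('.');
        if (dot < 0 || packageAccess == null) return false;
        String pkg = className.substring(0, dot);
        for (String entry : packageAccess.split(",")) {
            entry = entry.trim();
            if (entry.isEmpty()) continue;
            if (pkg.startsWith(entry) || entry.equals(pkg + ".")) return true;
        }
        return false;
    }

    // Reflective reference: reports whether Class.forName was allowed.
    static String probe(String className) {
        try {
            Class.forName(className);
            return "loaded";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        } catch (ClassNotFoundException e) {
            return "not found";
        }
    }

    public static void main(String[] args) {
        // Read the list before installing the manager; afterwards the read
        // itself needs a SecurityPermission.
        String restricted = Security.getProperty("package.access");
        System.setSecurityManager(new SecurityManager()); // default policy, no extra grants
        // Sample class names chosen for this example.
        for (String name : new String[] {"java.util.ArrayList", "sun.misc.Unsafe"}) {
            System.out.println(name + " restricted=" + isRestricted(name, restricted)
                    + " -> " + probe(name));
        }
    }
}
```

Granting the code source RuntimePermission "accessClassInPackage.sun.misc" in a policy file is the kind of modified security policy the quoted message refers to.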