RFR 8073056: Repeating annotations throws java.security.AccessControlException with a SecurityManager
Joel Borggrén-Franck
joel.franck at oracle.com
Fri Feb 27 09:27:23 UTC 2015
> On 26 feb 2015, at 22:35, Peter Levart <peter.levart at gmail.com> wrote:
> On 02/26/2015 10:27 PM, Peter Levart wrote:
>> The m.setAccessible(true) for the methods is needed to access methods of non-public annotations, right? This call could be moved to AnnotationType constructor as there it will be performed only once per Method object.
>
> ...which will have the added benefit in that it will guarantee that only one MethodAccessor object per Method will ever be constructed instead of two…
>
I don’t see this. setAccessible sets override in AccessibleObject, I don’t see a new MethodAccessor being generated here.
But I agree with you, and setting it as accessible in the AnnotationType constructor should arguably be more secure since then we know it isn’t shared since we just got our copy fresh from getDeclaredMethods().
cheers
/Joel
More information about the core-libs-dev
mailing list