RFR 8073056: Repeating annotations throws java.security.AccessControlException with a SecurityManager
Peter Levart
peter.levart at gmail.com
Thu Feb 26 21:27:28 UTC 2015
On 02/26/2015 05:34 PM, Mandy Chung wrote:
>> The problem is with the default method
>> AnnotatedElement::getDeclaredAnnotationsByType. If someone has an
>> external implementation of AnnotatedElement (and one of the lessons
>> from adding these methods in 8 was that there are other
>> implementations) then if that external implementation haven’t added
>> getDeclaredAnnotationsByType they will call into our
>> AnnotationSupport. This is all fine if that external representation
>> of AnnotatedElement uses our representation of Annotations, with
>> Proxies and all. But I suspect that the conditions that would end up
>> taking the non-proxy code path in the patch, will already fail in the
>> check:
>>
>> AnnotationType annoType =
>> AnnotationType.getInstance(containerClass);
>> if (annoType == null)
>> throw invalidContainerException(container, null);
>>
>> So what is the best thing to do here if the annotation is not Proxy
>> based and is coming from an implementation of the AnnotatedElement
>> interface that we don’t control and that is missing the methods added
>> in 8?
>
> I did a quick search on my corpus and find only one reference to
> sun.reflect.annotation.AnnotationType. Looks like external
> implementation
> doesn't get pass this.
Now I'm missing something. Why would a custom non-Proxy based annotation
not pass the above code? I don't see anything in AnnotationType
implementation that would be dependent on annotation implementation to
be a Proxy. AnnotationType only deals with the annotation type, which is
an interface, not with implementation.
The m.setAccessible(true) for the methods is needed to access methods of
non-public annotations, right? This call could be moved to
AnnotationType constructor as there it will be performed only once per
Method object.
Regards, Peter
More information about the core-libs-dev
mailing list