RFR 8073056: Repeating annotations throws java.security.AccessControlException with a SecurityManager
Mandy Chung
mandy.chung at oracle.com
Fri Feb 27 00:04:14 UTC 2015
On 2/26/15 1:27 PM, Peter Levart wrote:
>
> On 02/26/2015 05:34 PM, Mandy Chung wrote:
>>> The problem is with the default method
>>> AnnotatedElement::getDeclaredAnnotationsByType. If someone has an
>>> external implementation of AnnotatedElement (and one of the lessons
>>> from adding these methods in 8 was that there are other
>>> implementations) then if that external implementation haven’t added
>>> getDeclaredAnnotationsByType they will call into our
>>> AnnotationSupport. This is all fine if that external representation
>>> of AnnotatedElement uses our representation of Annotations, with
>>> Proxies and all. But I suspect that the conditions that would end up
>>> taking the non-proxy code path in the patch, will already fail in
>>> the check:
>>>
>>> AnnotationType annoType =
>>> AnnotationType.getInstance(containerClass);
>>> if (annoType == null)
>>> throw invalidContainerException(container, null);
>>>
>>> So what is the best thing to do here if the annotation is not Proxy
>>> based and is coming from an implementation of the AnnotatedElement
>>> interface that we don’t control and that is missing the methods
>>> added in 8?
>>
>> I did a quick search on my corpus and find only one reference to
>> sun.reflect.annotation.AnnotationType. Looks like external
>> implementation
>> doesn't get pass this.
>
> Now I'm missing something. Why would a custom non-Proxy based
> annotation not pass the above code?
I had assumed that AnnotationType.getInstance also expects the
implementation of the annotation type is
sun.reflect.annotation.AnnotationType. I don't know enough about this
area and that's just my observation. Hope Joel will say more details.
> I don't see anything in AnnotationType implementation that would be
> dependent on annotation implementation to be a Proxy. AnnotationType
> only deals with the annotation type, which is an interface, not with
> implementation.
>
> The m.setAccessible(true) for the methods is needed to access methods
> of non-public annotations, right?
I think so.
> This call could be moved to AnnotationType constructor as there it
> will be performed only once per Method object.
>
If the specification supports other implementation, it seems to me that
calling setAccessible(true) should be wrapped with doPrivileged unless
the specification states the "suppressAccessCheck" permission is
required; otherwise, SecurityException will be thrown. It'd be good to
clarify what that code is intended for.
Mandy
More information about the core-libs-dev
mailing list