AnnotationLiteral should use privileged actions for reflective operations ------------------------------------------------------------------------- Key: CDI-699 URL: https://issues.jboss.org/browse/CDI-699 Project: CDI Specification Issues Issue Type: Bug Components: Javadoc and API Reporter: Martin Kouba Labels: security-manager Fix For: 2.1 (Discussion) Currently, if an application declares its own literal which extends {{AnnotationLiteral}} and is run with {{SecurityManager}} enabled, some methods might lead to {{SecurityException}} (e.g. {{AnnotationLiteral.getMembers()}} called in constructor requires {{accessDeclaredMembers}} permission). The only possible fix seems to be to grant the permission to the deployment/application which is not very convenient. If privileged actions were used, the app server could grant the permissions to the provided CDI API module only.