]
Antoine Sabot-Durand reassigned CDI-699:
----------------------------------------
Assignee: Antoine Sabot-Durand
AnnotationLiteral should use privileged actions for reflective
operations
-------------------------------------------------------------------------
Key: CDI-699
URL:
https://issues.jboss.org/browse/CDI-699
Project: CDI Specification Issues
Issue Type: Bug
Components: Javadoc and API
Reporter: Martin Kouba
Assignee: Antoine Sabot-Durand
Labels: security-manager
Fix For: 2.0.SP1
Currently, if an application declares its own literal which extends {{AnnotationLiteral}}
and is run with {{SecurityManager}} enabled, some methods might lead to
{{SecurityException}} (e.g. {{AnnotationLiteral.getMembers()}} called in constructor
requires {{accessDeclaredMembers}} permission). The only possible fix seems to be to grant
the permission to the deployment/application which is not very convenient. If privileged
actions were used, the app server could grant the permissions to the provided CDI API
module only.