Is there real demand for this?

No one has explicitly asked for it, if you mean that. However,I think the general approach is valid. All the wrapped methods we are talking about could throw security exception.

Frankly, we did it in Hibernate Validator because Oracle asked for it but we know it costs a bit in code readability

I don't think readability suffers here. The reflection calls go via a helper class. That's all the API you need and does not look different to a helper class doing straight reflection.

and is costly in design (esp exhaustiveness) and performance.

I don't think so, but of course one would need to benchmark just this. However, during all my performance testing in HV I never noticed the PriviligedAction to be a bottle neck.

Unless we see customer demands for security aware HSearch, I'd relegate that feature down the line especially compared to the rest of the road map.

Sure, it is not top priority. We have bigger fish to fry. On the other hand it would still be an improvement imo.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira