Kabir Khan wrote:
The next problem is the Javassist version of the Field-/MethodAccessRestrictionTestCase. These fail since the javassist generated accessors (from JBREFLECT-6) are able to access private members, due to inheriting from sun.reflect.MagicAccessorImpl, so we don't get the expected exceptions when calling private members with a security manager enabled. My plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception if an attempt is made to access them if they are not public and there is a security manager present.
No, if there is a SecurityManager you should do a similar check to what is done by the Reflection based api,
i.e. whether the caller has the "suppressAccessChecks" permission.
See ReflectionMethodInfoImpl.
P.S. I don't think you've solved the whole problem, see
https://jira.jboss.org/jira/browse/JBREFLECT-2
e.g. the MagicAccessorImpl trick doesn't work on jrockit for classes outside the bootstrap classloader.