You should setAccessible(true) by default for non-public stuff. Then if the somebody invokes on it you do the permission check if a security manager is installed. | private static Permission accessCheck = new ReflectPermission("suppressAccessChecks"); | | if (notPublic) | { | SecurityManager sm = System.getSecurityManager(); | if (sm != null) | sm.checkPermission(accessCheck); | } | JBREFLECT-2 is just finding a portable way to do what setAccesible(true) does across JVMs for the javassist generated "reflection" objects (which are more efficient than the JDK classes). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136340#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...