[cdi-dev] [JBoss JIRA] (CDI-699) AnnotationLiteral should use privileged actions for reflective operations
Martin Kouba (JIRA)
issues at jboss.org
Mon Mar 27 08:45:02 EDT 2017
Martin Kouba created CDI-699:
--------------------------------
Summary: AnnotationLiteral should use privileged actions for reflective operations
Key: CDI-699
URL: https://issues.jboss.org/browse/CDI-699
Project: CDI Specification Issues
Issue Type: Bug
Components: Javadoc and API
Reporter: Martin Kouba
Fix For: 2.1 (Discussion)
Currently, if an application declares its own literal which extends {{AnnotationLiteral}} and is run with {{SecurityManager}} enabled, some methods might lead to {{SecurityException}} (e.g. {{AnnotationLiteral.getMembers()}} called in constructor requires {{accessDeclaredMembers}} permission). The only possible fix seems to be to grant the permission to the deployment/application which is not very convenient. If privileged actions were used, the app server could grant the permissions to the provided CDI API module only.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the cdi-dev
mailing list