On 09/03/2013 12:16 PM, Peter Levart wrote:
[...]
*AND* that Reflection.getCallerClass() can only be called from within
methods annotated with @CallerSensitive.
Now for that part, the public API equivalent
(StackTraceFrame.getCallerClass() or whatever it is called) need not
be restricted to methods annotated with any annotation, but that
means that this public API should not be used to implement security
decisions since MethodHandles API allows caller to be spoofed unless
looking-up a method annotated with @CallerSensitive...
Peter, can you please elaborate on this a bit? I could find nothing in
the MethodHandles API or its associated classes that would seem to give
the ability to call another method with a spoofed caller. Yes you can
set up a Lookup for another class but I don't see how that would affect
the ability of (say) a security manager to make access decisions based
on the call stack/class context?
--
- DML
