On 18/11/2013 14:59, Jochen Theodorou wrote:
java.lang.Class has multiple methods annotated with CallerSensitive (see http://hg.openjdk.java.net/jdk8/jdk8-gate/jdk/file/tip/src/share/classes/java/lang/Class.java).
Now if we in Groovy here want to build our runtime structure for this class, and the security manager is not allowing access to sun.reflect, then we get into trouble. https://jira.codehaus.org/browse/GROOVY-6405 is caused by this.
The stack trace in the bug report is running under Google App Engine. I have no idea what GAE does about security. Anyway, it appears that that you are trying to access an annotation under package.access applied to a public class. If you are running untrusted code under a security manager, I guess you just want to ignore those. Catching the security exception seems more reliable that testing for a specific package name.
Tom
