On 2/26/2015 5:01 PM, Peter Levart wrote:
On 02/27/2015 01:07 AM, Mandy Chung wrote:
Thanks for the test. The question is what the spec says about
SecurityException, or it should require the value() method be public
or there is a reason to support a non-public value() method?
The value() method is always public (since it's an interface method),
but the interface need not be public.
Thanks for the clarification.
So I don't think we should prevent access to repeatable annotation
instances just because the container annotation type of the repeatable
annotation is not public.
The call to setAccessible(true) should be wrapped by doPrivileged and
should be performed in AnnotationType constructor and not sprinkled in
other places that need to invoke the Method(s). This is by no means
less secure as it doesn't matter what part of code makes the Method
object setAccessible(true) if it is a shared Method object.
Will wait for Joel to say more about this. I agree with your observation.
Mandy
