What we gain is the ability to run the code inside a standard Java EE container. Instead of mucking around with container permissions or application permissions, you put the required privileges associated with the jspwiki jar file.

I still don't get it - we don't have to muck around with container or application permissions *now*, and we run with almost every standard Java EE container (except Oracle), that I can tell.

I also don't understand why you need all the cloak-n-dagger, since the code is running in a non-privileged container, which is already in a sandbox, on a computer, which is trusted. It sounds like an awful lot of design overkill to me.

There are just a few things that need to be wrapped in a doPrivileged block, like i/o and reflection. It's not all i/o, just stuff like file.createNewFile() and FileInputStream(file). Once you have an InputStream the rest of the code is normal.

Reflection?

That, of course, means that Stripes won't run...

/Janne
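
An added illustration, not part of the thread or of JSPWiki's code: the kind of wrapper the quoted text describes, where only the file open runs inside `doPrivileged` and the caller gets back a plain `InputStream`. The class, method and file names are hypothetical, and it assumes the policy grants file permissions to this jar's code source; `AccessController` has been deprecated for removal since Java 17.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class PrivilegedFiles {   // hypothetical helper, not a JSPWiki class
    private PrivilegedFiles() {}

    /** Opens name under baseDir using this code source's permissions only. */
    public static InputStream open(final File baseDir, final String name) throws IOException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
                public InputStream run() throws IOException {
                    // Callers further up the stack are not checked inside this block,
                    // so the path is validated here to avoid acting as a confused deputy.
                    File base = baseDir.getCanonicalFile();
                    File target = new File(base, name).getCanonicalFile();
                    if (!target.toPath().startsWith(base.toPath())) {
                        throw new IOException("path escapes base directory: " + name);
                    }
                    return new FileInputStream(target);
                }
            });
        } catch (PrivilegedActionException e) {
            // run() declares only IOException as a checked exception
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data in the temp directory
        File dir = new File(System.getProperty("java.io.tmpdir"), "pages-demo");
        dir.mkdirs();
        new File(dir, "Main.txt").createNewFile();
        try (InputStream in = open(dir, "Main.txt")) {
            System.out.println("opened, bytes available: " + in.available());
        }
        try {
            open(dir, "../outside.txt");
        } catch (IOException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```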
