-
Bug
-
Resolution: Fixed
-
P3
-
repo-valhalla
Mandy writes:
> I think Class::getNestHost and Class::getNestMembers should do a security
> permission check as performed in other method e.g. getEnclosingClass.
>
> * @throws SecurityException
> * If a security manager, <i>s</i>, is present and
> * the caller's class loader is not the same as or an
> * ancestor of the class loader for the current class and
> * invocation of {@link SecurityManager#checkPackageAccess
> * s.checkPackageAccess()} denies access to the package
> * of this class
> *
This seems not completely unreasonable. Should they also be @CallerSensitive?
But it is contrary to getNestHost()s design of never throwing an exception. So this needs more consideration.
> I think Class::getNestHost and Class::getNestMembers should do a security
> permission check as performed in other method e.g. getEnclosingClass.
>
> * @throws SecurityException
> * If a security manager, <i>s</i>, is present and
> * the caller's class loader is not the same as or an
> * ancestor of the class loader for the current class and
> * invocation of {@link SecurityManager#checkPackageAccess
> * s.checkPackageAccess()} denies access to the package
> * of this class
> *
This seems not completely unreasonable. Should they also be @CallerSensitive?
But it is contrary to getNestHost()s design of never throwing an exception. So this needs more consideration.