CallerSensitive access rights problems

Tom Hawtin tom.hawtin at
Mon Nov 18 16:54:04 UTC 2013

On 18/11/2013 14:59, Jochen Theodorou wrote:
> java.lang.Class has multiple methods annotated with CallerSensitive (see

> Now if we in Groovy here want to build our runtime structure for this
> class, and the security manager is not allowing access to sun.reflect,
> then we get into trouble.
> is caused by this.

The stack trace in the bug report is running under Google App Engine. I 
have no idea what GAE does about security. Anyway, it appears that that 
you are trying to access an annotation under package.access applied to a 
public class. If you are running untrusted code under a security 
manager, I guess you just want to ignore those. Catching the security 
exception seems more reliable that testing for a specific package name.


More information about the core-libs-dev mailing list