On Aug 12, 2008, at 11:24 AM, Bill Burke wrote:
>
>> A second one is not really a barrier but a security issue
>> concerning the
>> static 'RuntimeDelegate.setInstance(RuntimeDelegate)' method. I
>> recommend checking for an appropriate permission. This would allow to
>> limit the invocation of that method to approved code only.
>
> I think this is a good idea.
>
Seems like checking for either
RuntimePermission("accessDeclaredMembers") or
ReflectPermission("suppressAccessChecks") would be appropriate since I
think both would be required for a workable JAX-RS implementation.
Marc.
---
Marc Hadley <marc.hadley at sun.com>
CTO Office, Sun Microsystems.