You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@groovy.apache.org by "Pascal Schumacher (JIRA)" <ji...@apache.org> on 2016/02/08 22:53:40 UTC
[jira] [Resolved] (GROOVY-7735) Closures should be generated as
public classes
[ https://issues.apache.org/jira/browse/GROOVY-7735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pascal Schumacher resolved GROOVY-7735.
---------------------------------------
Resolution: Fixed
Assignee: Pascal Schumacher
Fix Version/s: 2.4.6
Pull request merged. Thanks!
> Closures should be generated as public classes
> ----------------------------------------------
>
> Key: GROOVY-7735
> URL: https://issues.apache.org/jira/browse/GROOVY-7735
> Project: Groovy
> Issue Type: Improvement
> Components: groovy-jdk, GroovyScriptEngine
> Affects Versions: 2.4.5
> Reporter: Chris Earle
> Assignee: Pascal Schumacher
> Fix For: 2.4.6
>
>
> Closures are currently created as a package-private class thanks to a single [constant zero that gets passed in|https://github.com/apache/groovy/blob/GROOVY_2_4_5/src/main/org/codehaus/groovy/classgen/asm/ClosureWriter.java#L81], which then get accessed by the {{org.codehaus.groovy.reflection.CachedMethod}} class.
> When running Groovy within a Security Manager, this requires an _extreme_ permission to be enabled: {{suppressAccessCheck}}. This permission enables reflection-based code to access methods that they have no "right" to access.
> The associated PR changes the constant zero to {{ACC_PUBLIC}}, which means that the class becomes {{public}} rather than package-private. By making this change, no special security manager permissions need to be applied, thus making Groovy less of a risk. For what it's worth, the value of {{0}} seems more arbitrary than intentional and {{public}} seems to be the more appropriate access level for a {{Closure}}.
> PR: https://github.com/apache/groovy/pull/248
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)