[ https://issues.apache.org/jira/browse/GROOVY-7735?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pascal Schumacher resolved GROOVY-7735. --------------------------------------- Resolution: Fixed Assignee: Pascal Schumacher Fix Version/s: 2.4.6 Pull request merged. Thanks! > Closures should be generated as public classes > ---------------------------------------------- > > Key: GROOVY-7735 > URL: https://issues.apache.org/jira/browse/GROOVY-7735 > Project: Groovy > Issue Type: Improvement > Components: groovy-jdk, GroovyScriptEngine > Affects Versions: 2.4.5 > Reporter: Chris Earle > Assignee: Pascal Schumacher > Fix For: 2.4.6 > > > Closures are currently created as a package-private class thanks to a single > [constant zero that gets passed > in|https://github.com/apache/groovy/blob/GROOVY_2_4_5/src/main/org/codehaus/groovy/classgen/asm/ClosureWriter.java#L81], > which then get accessed by the > {{org.codehaus.groovy.reflection.CachedMethod}} class. > When running Groovy within a Security Manager, this requires an _extreme_ > permission to be enabled: {{suppressAccessCheck}}. This permission enables > reflection-based code to access methods that they have no "right" to access. > The associated PR changes the constant zero to {{ACC_PUBLIC}}, which means > that the class becomes {{public}} rather than package-private. By making this > change, no special security manager permissions need to be applied, thus > making Groovy less of a risk. For what it's worth, the value of {{0}} seems > more arbitrary than intentional and {{public}} seems to be the more > appropriate access level for a {{Closure}}. > PR: https://github.com/apache/groovy/pull/248 -- This message was sent by Atlassian JIRA (v6.3.4#6332)