This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Xstream is a library which provides ability to serialize/deserialize java objects to/from XML. It does this through the use of sun.misc packages. In our NB 691 RCP based applications we had no issues with package but since migrating to NB721 we are now getting warnings and have no way to trap for or avoid them. We have attempted to use the netbeans.security.nocheck parameter but the method that does the permission check (checkMemberAccess) in TopSecurityManager ignores this setting. In the current design the only way to avoid the warning is add the calling class to the whitelist, this does appear to be a regular problem as libraries are found. Perhaps giving developers the ability to add to the whitelist might be a more extensible solution rather than having to push out new versions of the Class ? I have also tried extending the TopSecurityManager class NB throws errors that the module containing my class is not a friend of the o.n.bootstrap module.
Jardo, what is the recommended approach?
We had terrible problems (~100 reported duplicates about completely broken IDE) with broken JaxWS libraries - that is why the defensive mode. We could use branding to read the list of acceptable libraries. The only problem is that the o.n.bootstrap can't itself use NbBundle - the bundle would need to be injected into the system from core.startup module.
Seems to me that the current state (89ce8aec1248) of TopSecurityManager logs the messages only when executed with assertions on: if (caller != null && callerWhiteList.contains(caller.getName())) { l = Level.FINEST; } else { l = Level.FINE; assert (l = Level.INFO) != null; } That is probably appropriate and there is no need for any changes, right?