A DESCRIPTION OF THE REQUEST :
given a public class C and a public annotation class A which has RUNTIME RetentionPolicy, if you want to determine if C is annotated with A, or any other specific annotation, then you will require RuntimePermission('accessDeclaredMembers').
JUSTIFICATION :
It is acknowledged (particularly by "Permissions in the JavaTM 2 Standard Edition Development Kit (JDK)") that it is undesirable to grant accessDeclaredMembers, as this allows code to gain visibility of members that it wouldn't otherwise be able to see. However it is unexpected that merely finding the presence of an public annotation on a public class, both of which one can gain references to (by getClass() or an explicit class literal as in the example) would require this kind of permission. If the annotation is not meant to be read reflectively at runtime, then surely CLASS is the appropriate RetentionPolicy, rather than invoking the blanket accessDeclaredMembers permissions.
An alternative would be to have a "accessRuntimeAnnotations" permission.
But given that I can do a cls.getMethods() to access public methods on a class, why can I not do a cls.getAnnotation()?
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
cls.getAnnotation() does not require accessDeclaredMembers RuntimePermission.
(nor does method.getAnnotation(), etc.)
---------- BEGIN SOURCE ----------
@A
public class C{}
@Retention(RetentionPolicy.RUNTIME)
public @interface class A{}
//code that requires accessDeclaredMembers permission:
C.class.isAnnotationPresent(A.class);
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
1) Not to use Annotations
2) Use an annotation-processor to extract the annotations into some form of external file (e..g xml) before distributing into a secure/sandboxed environment (such as jnlp)
3) Work out how to implement a complex security model with multiple Protection Domains (particularly tricky for jnlp, I think because there's only one classloader available)