Let's say I have a package (com.example.private) with some classes that contain sensitive information. The methods and fields are private or package private to prevent access under normal circumstances.
I am aware that Reflection can be used to access these properties regardless of their privacy modifier by using the setAccessible(true) method. Because of this, I would like to use a SecurityManager to block access to Reflection. However, since Reflection is used as part of my publicly accessible API, I can't block it entirely.
I have tried using the suppressAccessChecks permission check, which works, but it breaks parts of my API as mentioned before.
TL;DR:
Is it possible to use a SecurityManager to block Reflection on a specific class or package?
Edit: this thread details how to block Reflect from a specific CALLER. My objective is to block Reflection to a specific TARGET.
