Currently we wrap all reflection calls in PrivilegedAction. This way Validators need the following grants in the policy file:
However, this also means that a user might now use ReflectionHelper to execute reflection calls which otherwise would not be allowed. To prevent this we need a Validator-specific permission type. Something like this:
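An added illustration of the pattern described here, not the project's own code: a custom permission is checked against the caller before the privileged block is entered. The class names, the permission target name `accessPrivateMembers` and the helper method are hypothetical.

```java
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.Permission;
import java.security.PrivilegedAction;

public final class GuardedReflectionExample {

    /** Hypothetical permission type that the policy file grants to trusted code only. */
    public static final class ValidatorReflectionPermission extends BasicPermission {
        private static final long serialVersionUID = 1L;
        public ValidatorReflectionPermission(String name) { super(name); }
    }

    private static final Permission ACCESS_PRIVATE_MEMBERS =
            new ValidatorReflectionPermission("accessPrivateMembers");

    /** Reads a field reflectively, but only for callers that hold the permission. */
    public static Object getFieldValue(final Object target, final String fieldName) {
        // Check the whole call stack BEFORE doPrivileged. A check made inside the
        // privileged block would only test the library's own protection domain,
        // so an unprivileged caller could borrow the library's reflection rights.
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(ACCESS_PRIVATE_MEMBERS); // throws SecurityException if missing
        }
        return AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
            try {
                Field f = target.getClass().getDeclaredField(fieldName);
                f.setAccessible(true);
                return f.get(target);
            } catch (ReflectiveOperationException e) {
                throw new IllegalStateException(e);
            }
        });
    }

    /** Constructed sample type for the demo below. */
    static final class Sample {
        private final String secret = "constructed-value";
    }

    public static void main(String[] args) {
        // Without a SecurityManager installed the check is skipped and the read succeeds.
        System.out.println(getFieldValue(new Sample(), "secret"));
    }
}
```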