From dev-return-129070-apmail-commons-dev-archive=commons.apache.org@commons.apache.org Sat Sep 3 06:46:50 2011 Return-Path: X-Original-To: apmail-commons-dev-archive@www.apache.org Delivered-To: apmail-commons-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5149087D2 for ; Sat, 3 Sep 2011 06:46:50 +0000 (UTC) Received: (qmail 70300 invoked by uid 500); 3 Sep 2011 06:46:39 -0000 Delivered-To: apmail-commons-dev-archive@commons.apache.org Received: (qmail 69676 invoked by uid 500); 3 Sep 2011 06:46:24 -0000 Mailing-List: contact dev-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Developers List" Delivered-To: mailing list dev@commons.apache.org Received: (qmail 69668 invoked by uid 99); 3 Sep 2011 06:46:20 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 03 Sep 2011 06:46:20 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [217.146.182.249] (HELO nm8.bullet.mail.ukl.yahoo.com) (217.146.182.249) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 03 Sep 2011 06:46:10 +0000 Received: from [217.146.183.184] by nm8.bullet.mail.ukl.yahoo.com with NNFMP; 03 Sep 2011 06:45:50 -0000 Received: from [217.146.183.73] by tm15.bullet.mail.ukl.yahoo.com with NNFMP; 03 Sep 2011 06:45:50 -0000 Received: from [127.0.0.1] by omp1034.mail.ukl.yahoo.com with NNFMP; 03 Sep 2011 06:45:50 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 119036.18903.bm@omp1034.mail.ukl.yahoo.com Received: (qmail 24215 invoked by uid 60001); 3 Sep 2011 06:45:49 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.de; s=s1024; t=1315032349; bh=HOzzIlshADZb4a0HqtXV8314Q28IodRAiQS9WSUxRxQ=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=e1lbOBVUPoYuxop2whxsbpA/Q2tgCo3Asiwv1DqEWj8xWE8oX33isXzlqyMQBv0F122NnfNqCyf34IMjyf+YS+Q5oR0tyfw3MGW4/UkcEzDI8hQsH0ZRq5TMvR62MTVwC+ixcj12MdOQF2AtaH23vRMYKL6g8euCraSMLHDiHOI= DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=lrEQnxaXV4Kt5uk95dYGiW4eIkwVC8d2gdpdSE/HJ+fjfdMWn0NLtEFWEppUHEWf53KT0GZvCpWsJehS8/0g0JDuV0N8or/lDAwB3991fwVuYO3RupIBu8iNL0u3mdhHk9VBpbWjTrdLdBcLJwIepqMKqfU02KP/cg0Xtj93voU=; X-YMail-OSG: jxciSO4VM1lgggaIFKsXhOV9svKJOTetB1Tm3AT6niDGvuz r4o4HxAEhrhOLQSfwDeFPcxeZOlpoAGLNNBf8BIUdHQ2ptRc4Bi8UGx7NcF6 Bl00uJWbDYkgVItLG6guVRvozRPZxXpPbr.yIG9.yWqK5yEDKXpt3sVp9zoX ZE1f57bFM7yskqUZMD_rZkUSqNfq4Wdt8t5uDOTTvoNLbJm3m3kcnhhPmuWQ BtT7rylZgI4.Ji_nhYH3gRzTbt_NcnhthtD1nnhxmxScNczG7tc9owtVxK0l 9cggk1WWsOlnXomXIDnfZd2XvYafScDqSv6p23aHQHRmuMH_16aUBMYf.ftA asGMadW0iDcjVKf8cdCM7g1SmTqekVbbaRkU1dQzOMzFv2hhAWHuP3Ric4wC iQka9aPlvBVv3OlU- Received: from [80.108.122.184] by web27805.mail.ukl.yahoo.com via HTTP; Sat, 03 Sep 2011 07:45:49 BST X-Mailer: YahooMailWebService/0.8.113.315625 References: <-8138965699000121271@unknownmsgid> <4E61B8CE.1060604@gmail.com> Message-ID: <1315032349.98116.YahooMailNeo@web27805.mail.ukl.yahoo.com> Date: Sat, 3 Sep 2011 07:45:49 +0100 (BST) From: Mark Struberg Reply-To: Mark Struberg Subject: Re: [lang] Running lang under a security manager and LANG-744 To: Commons Developers List In-Reply-To: <4E61B8CE.1060604@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org This might be a bit OT, but is there a cardinal way to create code with and= without doPrivileged code?=0AI mean something like pre-processing or a rep= lacement with sed.=0A=0AIn OpenWebBeans we introduced a SecurityService SPI= with 2 implementations:=0AA standard one without doPrivileged and an enfor= cing one. The ct of the enforcing one makes sure that it can only get creat= ed from within OWBs core so it cannot get tricked for non intended usage. = =0A=0A=0AIn our case it was not the problem with GAE but simply the fact th= at the SecurityManager only gets used pretty rarely and sucks a lot of the = performance.=0ASince OWB as DI container heavily uses interceptors, we got = way more than 1 million temporary objects/s and the performance drops by 25= % when using doPrivileged.=0A=0A=0ALieGrue,=0Astrub=0A=0A=0A=0A----- Origin= al Message -----=0A> From: Phil Steitz =0A> To: Comm= ons Developers List =0A> Cc: =0A> Sent: Saturday, S= eptember 3, 2011 7:19 AM=0A> Subject: Re: [lang] Running lang under a secur= ity manager and LANG-744=0A> =0A> On 9/2/11 4:06 AM, Gary Gregory wrote:=0A= >> On Sep 2, 2011, at 1:21, Stephen Colebourne =0A>= wrote:=0A>> =0A>>> On 2 September 2011 01:20, Gary Gregory =0A> wrote:=0A>>>> Specifically for StringUtils, should we have= a SunStringUtils? This =0A> would=0A>>>> let you know that you are depend= ing on com.sun code.=0A>>> I really don't like that idea!=0A>>> =0A>>> Ge= nerally, it is non-Sun JVMs including Android that are the problem.=0A>>> = Lets just do the best we can on those.=0A>>> =0A>> But that is different t= hat the actual issue of running under a=0A>> security manager.=0A> =0A> Ri= ght.=A0 This thread is talking about two different issues.=A0 What=0A> actu= ally caused the exception reported in the ticket is GAE=0A> disallowing the= privileged action.=A0 GAE does not allow all kinds of=0A> stuff.=A0 You ca= n't even load JCE providers.=A0 The other form of=0A> "crippled Java" is mi= ssing classes or APIs, which you run into with=0A> Android.=A0 I think your= idea of testing with security managers is a=0A> good one so that we can se= e and document what is going to blow up=0A> with that kind of crippling.=A0= Supporting Android or other crippled=0A> environments is harder.=A0 In bot= h cases it comes down to volunteer=0A> resources to a) do all the testing b= ) document the failures and c)=0A> propose (and maybe get the community to = agree on) workarounds. =0A> Personally, none of these activities are likely= to make it to the=0A> top of my always-too-long list of things to work on = here, but I=0A> won't complain and will apply patches that do no harm while= making=0A> more things work for more users.=0A> =0A> Phil=0A>> =0A>> Gary= =0A>> =0A>>> Stephen=0A>>> =0A>>> ---------------------------------------= ------------------------------=0A>>> To unsubscribe, e-mail: dev-unsubscri= be@commons.apache.org=0A>>> For additional commands, e-mail: dev-help@comm= ons.apache.org=0A>>> =0A>> -----------------------------------------------= ----------------------=0A>> To unsubscribe, e-mail: dev-unsubscribe@common= s.apache.org=0A>> For additional commands, e-mail: dev-help@commons.apache= .org=0A>> =0A>> =0A> =0A> =0A> --------------------------------------------= -------------------------=0A> To unsubscribe, e-mail: dev-unsubscribe@commo= ns.apache.org=0A> For additional commands, e-mail: dev-help@commons.apache.= org=0A> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org For additional commands, e-mail: dev-help@commons.apache.org