db-jdo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Russell (JIRA)" <j...@apache.org>
Subject [jira] Assigned: (JDO-555) All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
Date Sat, 12 Jul 2008 05:44:31 GMT

     [ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Craig Russell reassigned JDO-555:
---------------------------------

    Assignee: Andy Jefferson  (was: Craig Russell)

There's still a bit of work to do to make sure that the TCK can run with a security manager.

Right now, running just the pmf tests with security manager results in errors because DataNucleus
doesn't encapsulate its calls to JDOImplHelper.getInstance() in doPrivileged.

Here's the command line to invoke the pmf tests with a security manager:

maven -o -Djdo.tck.cfglist=pmf.conf -Djdo.tck.identitytypes=datastoreidentity -Djdo.tck.security
runtck.jdori

Here's part of the output:

Caused by: java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission
getMetadata)
    [java] 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    [java] 	at java.security.AccessController.checkPermission(AccessController.java:427)
    [java] 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    [java] 	at javax.jdo.spi.JDOImplHelper.getInstance(JDOImplHelper.java:146)
    [java] 	at org.datanucleus.metadata.MetaDataManager.<init>(MetaDataManager.java:158)
    [java] 	at org.datanucleus.jdo.metadata.JDOMetaDataManager.<init>(JDOMetaDataManager.java:106)

This is an example of the code needed.

    /** Get the JDOImplHelper instance
     * This must be done in a doPrivileged block.
     */
    public static JDOImplHelper getJDOImplHelper() {
                return (JDOImplHelper) AccessController.doPrivileged(
                    new PrivilegedAction () {
                        public Object run () {
                            return JDOImplHelper.getInstance();
                        }
                    }
                );
    }




> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside
a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: JDO-555
>                 URL: https://issues.apache.org/jira/browse/JDO-555
>             Project: JDO
>          Issue Type: Bug
>          Components: api2, api2-legacy
>    Affects Versions: JDO 2 maintenance release 1
>            Reporter: Matthew T. Adams
>            Assignee: Andy Jefferson
>             Fix For: JDO 2 maintenance release 2
>
>         Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message