[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614057#action_12614057 ]
Craig Russell commented on JDO-555:
-----------------------------------
I've now checked in src/conf/security.conf and made changes in maven.xml to enable the security setting to be specified in a config file.

I have not yet checked in the conf file into the list of standard configs because the JDORI still fails.

And I have not added a security test to the iut tests. It's not clear that this adds value since what we're testing is that JDOHelper can access a PersistenceManagerFactory with proper permissions for JDO jar, not testing that we're able to run the iut with security.

If you run maven -o -Djdo.tck.cfglist=security.conf runtck.jdori it will work with application identity but fail with a bogus error using datastore identity. The same tests pass without the security setting.

Andy, I suspect that the problem is in a metadata access that is not properly protected by doPrivileged, throwing a SecurityException, that is not properly caught, possibly indicating that a field or property doesn't exist. I couldn't find where the problem was though.

> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
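
The pattern the issue title asks for, together with the failure mode suspected in the comment above, as an added example that is not code from JDO, the JDORI or any attached patch: reflection runs inside doPrivileged, and a SecurityException is kept distinct from "member does not exist". The class and method names are hypothetical, and the code assumes a JVM that still provides java.security.AccessController and runs with a security manager, as in the TCK security configuration.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
// Added illustration; PrivilegedReflection and its methods are hypothetical names.
public final class PrivilegedReflection {
    // Package-private on purpose: untrusted callers must not reach these helpers directly.
    static Method getMethod(final Class<?> cls, final String name, final Class<?>... params)
            throws NoSuchMethodException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Method>) () -> cls.getMethod(name, params));
        } catch (PrivilegedActionException e) {
            // Only checked exceptions get wrapped; here that is NoSuchMethodException.
            throw (NoSuchMethodException) e.getException();
        }
        // SecurityException is unchecked, so it propagates unchanged from doPrivileged
        // and is never converted into "no such method".
    }

    static Object invoke(final Method m, final Object target, final Object... args)
            throws IllegalAccessException, InvocationTargetException {
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<Object>) () -> m.invoke(target, args));
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof InvocationTargetException) throw (InvocationTargetException) cause;
            throw (IllegalAccessException) cause;
        }
    }

    // Metadata-style probe: an absent member yields false, a permission failure surfaces.
    static boolean hasProperty(Class<?> cls, String getter) {
        try {
            getMethod(cls, getter);
            return true;
        } catch (NoSuchMethodException e) {
            return false;
        }
        // No catch (Exception e) { return false; } here: that is what would turn a
        // SecurityException into a bogus "field or property doesn't exist" error.
    }

    public static void main(String[] args) throws Exception {
        Method m = getMethod(String.class, "length");
        System.out.println(invoke(m, "JDO-555"));
        System.out.println(hasProperty(String.class, "getNoSuchThing"));
    }
}
```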