db-jdo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Russell (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JDO-555) All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
Date Sat, 12 Jul 2008 15:17:31 GMT

    [ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613096#action_12613096
] 

Craig Russell commented on JDO-555:
-----------------------------------

The nightly works for the access controls on JDOImplHelper all right.

There's a similar issue in the StateManager. The call replaceStateManager also needs to be
inside a doPrivileged block. Actually, any of the methods between makePersistent and replaceStateManager
can be called in doPrivileged and you'll be ok. The closer to the checkPermission and the
faster the security check is, of course.

   [java] NestedThrowablesStackTrace:
    [java] java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission
setStateManager)
    [java] 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    [java] 	at java.security.AccessController.checkPermission(AccessController.java:427)
    [java] 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    [java] 	at org.apache.jdo.tck.pc.mylib.PCPoint.jdoReplaceStateManager(PCPoint.java)
    [java] 	at org.datanucleus.state.JDOStateManagerImpl.replaceStateManager(JDOStateManagerImpl.java:961)
    [java] 	at org.datanucleus.state.JDOStateManagerImpl.initialiseForPersistentNew(JDOStateManagerImpl.java:409)
    [java] 	at org.datanucleus.state.StateManagerFactory.newStateManagerForPersistentNew(StateManagerFactory.java:153)
    [java] 	at org.datanucleus.ObjectManagerImpl.persistObjectInternal(ObjectManagerImpl.java:1245)
    [java] 	at org.datanucleus.ObjectManagerImpl.persistObject(ObjectManagerImpl.java:1091)
    [java] 	at org.datanucleus.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:666)
    [java] 	at org.datanucleus.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:691)
    private void replaceStateManager(StateManager sm)

Here's a patch to try:

  945     {
  946         try
  947         {
AccessController.doPrivileged( 
                    new PrivilegedAction () { 
                        public Object run () { 
  948             myPC.jdoReplaceStateManager(sm);
                return null;
                        } 
                    } 
                ); 
  949         }
  950         catch (SecurityException e)
  951         {
  952             throw new JDOFatalUserException(LOCALISER.msg("026000"), e);
  953         }
  954     }
  955 


> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside
a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: JDO-555
>                 URL: https://issues.apache.org/jira/browse/JDO-555
>             Project: JDO
>          Issue Type: Bug
>          Components: api2, api2-legacy
>    Affects Versions: JDO 2 maintenance release 1
>            Reporter: Matthew T. Adams
>            Assignee: Andy Jefferson
>             Fix For: JDO 2 maintenance release 2
>
>         Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message