openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Sutter" <kwsut...@gmail.com>
Subject Re: Java 2 Security testing?
Date Tue, 13 Mar 2007 18:52:25 GMT
Marc,

On 3/13/07, Marc Prud'hommeaux <mprudhom@apache.org> wrote:
>
> Kevin-
>
> I don't think we've done extensive stand-alone testing with security
> enabled, but we have people using OpenJPA in so many different exotic
> containers with their attendant security settings, that I'd be a
> little surprised if there were essential doPriv checks that were
> missing.


I agree.  This is kind of convoluted environment.  We have WebSphere
6.1with Spring (not sure of the version) and OpenJPA
0.9.7 nightly.

The fact that it is an intermittent NPE from
> "java.io.Win32CanonicalPathComponentRetriever" gives me a little
> pause. Which JVM did you test on?


Maybe intermittent isn't the right word.  It's really where we run into the
problem on one machine and not another.  But, the visual inspection
indicates that the environments are the same.  The current testing is with
the IBM JDK 5.0 SR3.  We will also check out the latest SR4 and the Sun JDK
to see if the results change.

Also, it'd be nice to figure out what that file name being passed to
> File.exists() is. A println on the file name in
> URLMetaDataIterator.getFile() might show that it is a string with
> such crazy characters that it triggers some other bug with Windows
> file handing.


Good idea.  I was assuming that it was a standard file (ie. persistence.xml).
Let me try that as well.

Kevin


On Mar 13, 2007, at 5:55 AM, Kevin Sutter wrote:
>
> > Just curious,
> > Has there been any testing with Java 2 Security enabled and
> > OpenJPA?  I'm
> > hitting a semi-intermittent problem (it doesn't seem to show up on all
> > machines) which results in an NPE coming out of the
> > javax.persistence.Persistence.createEntityManager method.  I know
> > we have no
> > control over this specific piece of code, but I'm wondering whether
> > we need
> > some doPriv blocks elsewhere in the code path.  I reviewed the JIRA
> > Issues
> > and didn't see anything related to this.  Before I go further, I
> > thought I
> > would check to see if there's been any other experiences with Java 2
> > Security.  Thanks.
> >
> > Kevin
> >
> > P.S.  Here's the call stack if you are interested...
> >
> > Caused by: java.lang.NullPointerException
> >    at java.io.Win32CanonicalPathComponentRetriever.nextComponent(
> > Win32CanonicalPath.java:318)
> >    at java.io.Win32CanonicalPath.equals(Win32CanonicalPath.java:117)
> >    at java.io.FilePermission.impliesIgnoreMask(FilePermission.java:
> > 373)
> >    at java.io.FilePermissionCollection.implies(FilePermission.java:
> > 763)
> >    at
> > org.eclipse.osgi.framework.internal.core.ConditionalPermissionSet.impl
> > ies(
> > ConditionalPermissionSet.java:224)
> >    at
> > org.eclipse.osgi.framework.internal.core.BundleCombinedPermissions.imp
> > lies(
> > BundleCombinedPermissions.java:124)
> >    at java.security.ProtectionDomain.implies(ProtectionDomain.java:
> > 225)
> >    at java.security.AccessController.checkPermission
> > (AccessController.java
> > :94)
> >    at java.lang.SecurityManager.checkPermission
> > (SecurityManager.java:547)
> >    at com.ibm.ws.security.core.SecurityManager.checkPermission(
> > SecurityManager.java:189)
> >    at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
> >    at java.io.File.exists(File.java:726)
> >    at org.apache.openjpa.lib.meta.URLMetaDataIterator.getFile(
> > URLMetaDataIterator.java:68)
> >    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> > XMLMetaDataParser.java:311)
> >    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> > XMLMetaDataParser.java:289)
> >    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> > XMLMetaDataParser.java:263)
> >    at
> > org.apache.openjpa.persistence.PersistenceProductDerivation
> > $ConfigurationParser.parse
> > (PersistenceProductDerivation.java:419)
> >    at
> > org.apache.openjpa.persistence.PersistenceProductDerivation.parseResou
> > rces(
> > PersistenceProductDerivation.java:287)
> >    at
> > org.apache.openjpa.persistence.PersistenceProductDerivation.load(
> > PersistenceProductDerivation.java:254)
> >    at
> > org.apache.openjpa.persistence.PersistenceProductDerivation.load(
> > PersistenceProductDerivation.java:152)
> >    at
> > org.apache.openjpa.persistence.PersistenceProviderImpl.createEntityMan
> > agerFactory
> > (PersistenceProviderImpl.java:66)
> >    at
> > org.apache.openjpa.persistence.PersistenceProviderImpl.createEntityMan
> > agerFactory
> > (PersistenceProviderImpl.java:78)
> >    at javax.persistence.Persistence.createEntityManagerFactory(
> > Persistence.java:83)
> >    at javax.persistence.Persistence.createEntityManagerFactory(
> > Persistence.java:60)
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message