Return-Path: 
 <open-jpa-dev-return-2691-apmail-incubator-open-jpa-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-open-jpa-dev-archive@locus.apache.org
Received: (qmail 72718 invoked from network); 13 Mar 2007 15:53:31 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 13 Mar 2007 15:53:31 -0000
Received: (qmail 41831 invoked by uid 500); 13 Mar 2007 15:53:40 -0000
Delivered-To: apmail-incubator-open-jpa-dev-archive@incubator.apache.org
Received: (qmail 41716 invoked by uid 500); 13 Mar 2007 15:53:40 -0000
Mailing-List: contact open-jpa-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:open-jpa-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:open-jpa-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:open-jpa-dev@incubator.apache.org>
List-Id: <open-jpa-dev.incubator.apache.org>
Reply-To: open-jpa-dev@incubator.apache.org
Delivered-To: mailing list open-jpa-dev@incubator.apache.org
Received: (qmail 41707 invoked by uid 99); 13 Mar 2007 15:53:40 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Mar 2007 08:53:40 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of mprudhomapache@gmail.com
 designates 209.85.132.248 as permitted sender)
Received: from [209.85.132.248] (HELO an-out-0708.google.com) (209.85.132.248)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Mar 2007 08:53:27 -0700
Received: by an-out-0708.google.com with SMTP id b2so1732848ana
        for <open-jpa-dev@incubator.apache.org>;
 Tue, 13 Mar 2007 08:53:07 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer:sender;
        b=Hwi9BXc8ZgsnAjDpigwlOWENTk6erUbgmWMnK30gJFNWUZjjNb3K4pITTz69X7zRRsWTUj6IM+zCqXY7lTEGa7A2jUaSbqMz49YFitqcUx+EW39NL5FRPYUoULrxpnpODGdvnVYyePYUkTgY4APkoOcB1Jcjy8neVWJqnyBJ5gs=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:mime-version:in-reply-to:references:content-type:message-id:content-transfer-encoding:from:subject:date:to:x-mailer:sender;
        b=P0EGLS39wBtMedtQ9OOi5J9mxt2I/fFPFy9FvuhlWtsG+Dhqbmgotfe+w7MksEJB9FBxiO9mR7cgHbyMt0FiZOoVWWMi7exoGWg2avVYe1X+wu0aXxeMEiEJ+fmi463QfkODksCO0fRiOKCDbm6Zqk4ivdgEWxe9w6ynA/C43VY=
Received: by 10.100.47.6 with SMTP id u6mr909246anu.1173801186372;
        Tue, 13 Mar 2007 08:53:06 -0700 (PDT)
Received: from ?192.168.15.101? ( [66.248.222.34])
        by mx.google.com with ESMTP id b3sm8237919ana.2007.03.13.08.53.05;
        Tue, 13 Mar 2007 08:53:05 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: <89c0c52c0703130555o5de3a118x471650717ee4bd62@mail.gmail.com>
References: <89c0c52c0703130555o5de3a118x471650717ee4bd62@mail.gmail.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <5EC3C6EC-E451-4D5F-89B1-5F077A44918F@apache.org>
Content-Transfer-Encoding: 7bit
From: Marc Prud'hommeaux <mprudhom@apache.org>
Subject: Re: Java 2 Security testing?
Date: Tue, 13 Mar 2007 08:52:59 -0700
To: open-jpa-dev@incubator.apache.org
X-Mailer: Apple Mail (2.752.3)
Sender: Marc Prud'hommeaux <mprudhomapache@gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org

Kevin-

I don't think we've done extensive stand-alone testing with security  
enabled, but we have people using OpenJPA in so many different exotic  
containers with their attendant security settings, that I'd be a  
little surprised if there were essential doPriv checks that were  
missing.

The fact that it is an intermittent NPE from  
"java.io.Win32CanonicalPathComponentRetriever" gives me a little  
pause. Which JVM did you test on?

Also, it'd be nice to figure out what that file name being passed to  
File.exists() is. A println on the file name in  
URLMetaDataIterator.getFile() might show that it is a string with  
such crazy characters that it triggers some other bug with Windows  
file handing.



On Mar 13, 2007, at 5:55 AM, Kevin Sutter wrote:

> Just curious,
> Has there been any testing with Java 2 Security enabled and  
> OpenJPA?  I'm
> hitting a semi-intermittent problem (it doesn't seem to show up on all
> machines) which results in an NPE coming out of the
> javax.persistence.Persistence.createEntityManager method.  I know  
> we have no
> control over this specific piece of code, but I'm wondering whether  
> we need
> some doPriv blocks elsewhere in the code path.  I reviewed the JIRA  
> Issues
> and didn't see anything related to this.  Before I go further, I  
> thought I
> would check to see if there's been any other experiences with Java 2
> Security.  Thanks.
>
> Kevin
>
> P.S.  Here's the call stack if you are interested...
>
> Caused by: java.lang.NullPointerException
>    at java.io.Win32CanonicalPathComponentRetriever.nextComponent(
> Win32CanonicalPath.java:318)
>    at java.io.Win32CanonicalPath.equals(Win32CanonicalPath.java:117)
>    at java.io.FilePermission.impliesIgnoreMask(FilePermission.java: 
> 373)
>    at java.io.FilePermissionCollection.implies(FilePermission.java: 
> 763)
>    at
> org.eclipse.osgi.framework.internal.core.ConditionalPermissionSet.impl 
> ies(
> ConditionalPermissionSet.java:224)
>    at
> org.eclipse.osgi.framework.internal.core.BundleCombinedPermissions.imp 
> lies(
> BundleCombinedPermissions.java:124)
>    at java.security.ProtectionDomain.implies(ProtectionDomain.java: 
> 225)
>    at java.security.AccessController.checkPermission 
> (AccessController.java
> :94)
>    at java.lang.SecurityManager.checkPermission 
> (SecurityManager.java:547)
>    at com.ibm.ws.security.core.SecurityManager.checkPermission(
> SecurityManager.java:189)
>    at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
>    at java.io.File.exists(File.java:726)
>    at org.apache.openjpa.lib.meta.URLMetaDataIterator.getFile(
> URLMetaDataIterator.java:68)
>    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> XMLMetaDataParser.java:311)
>    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> XMLMetaDataParser.java:289)
>    at org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(
> XMLMetaDataParser.java:263)
>    at
> org.apache.openjpa.persistence.PersistenceProductDerivation 
> $ConfigurationParser.parse
> (PersistenceProductDerivation.java:419)
>    at
> org.apache.openjpa.persistence.PersistenceProductDerivation.parseResou 
> rces(
> PersistenceProductDerivation.java:287)
>    at  
> org.apache.openjpa.persistence.PersistenceProductDerivation.load(
> PersistenceProductDerivation.java:254)
>    at  
> org.apache.openjpa.persistence.PersistenceProductDerivation.load(
> PersistenceProductDerivation.java:152)
>    at
> org.apache.openjpa.persistence.PersistenceProviderImpl.createEntityMan 
> agerFactory
> (PersistenceProviderImpl.java:66)
>    at
> org.apache.openjpa.persistence.PersistenceProviderImpl.createEntityMan 
> agerFactory
> (PersistenceProviderImpl.java:78)
>    at javax.persistence.Persistence.createEntityManagerFactory(
> Persistence.java:83)
>    at javax.persistence.Persistence.createEntityManagerFactory(
> Persistence.java:60)