openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Russell (JIRA)" <>
Subject [jira] Commented: (OPENJPA-244) Java 2 Security enablement
Date Sat, 30 Jun 2007 00:44:04 GMT


Craig Russell commented on OPENJPA-244:

Very nice piece of work, Albert.

The original patch should be removed since it's no longer valid.

Just a few comments on the patch itself.

1. Typos in javadoc for almost all the methods in J2DoPrivHelper, e.g. 
PrivilegeExceptionAction should be PrivilegedExceptionAction

2. The cases where you call  this.getClass().getClassLoader()) don't need to be wrapped in
a doPrivileged block. 

(From the javadoc of getClassLoader, If a security manager is present, and the caller's class
loader is not null and the caller's class loader is not the same as or an ancestor of the
class loader for the class whose class loader is requested, then this method calls the security
manager's checkPermission method with a RuntimePermission("getClassLoader") permission to
ensure it's ok to access the class loader for the class.)

3. In openjpa-lib/src/main/java/org/apache/openjpa/lib/util/
you might have missed this case:
@@ -238,12 +246,18 @@
             if (loader == THREAD_LOADER)
                 loader = Thread.currentThread().getContextClassLoader();
4. Several cases of try or catch with the { on the following line instead of on the same line.

5. In openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/

don't you need to have a doPrivileged around f.length() ? The javadoc would suggest so.

6. javadoc typos in newFIleOutputStreamAction methods in J2Helper class

7. I don't understand the rationale for newInstanceOfAction. I guess I don't know what a BCClass
is and why its behavior is different from Class.

> Java 2 Security enablement
> --------------------------
>                 Key: OPENJPA-244
>                 URL:
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments:, OPENJPA-244.patch
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message