openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Russell (JIRA)" <>
Subject [jira] Commented: (OPENJPA-244) Java 2 Security enablement
Date Tue, 05 Jun 2007 16:06:26 GMT


Craig Russell commented on OPENJPA-244:

What is possible is to hide the nasty mechanical construction of a new instance of the anonymous
inner class by a wrapper method. 

Perhaps Mitesh can post examples (used in CDDL-licensed TopLink Essentials) that preserve
the doPrivileged method call in the correct place but delegates the construction of the instance
to a wrapper. The resulting code is much more readable than the usual inline doPrivileged
and avoids the security hole.

> Java 2 Security enablement
> --------------------------
>                 Key: OPENJPA-244
>                 URL:
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments:
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message