openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Russell (JIRA)" <>
Subject [jira] Commented: (OPENJPA-244) Java 2 Security enablement
Date Sun, 03 Jun 2007 23:54:15 GMT


Craig Russell commented on OPENJPA-244:

If you choose not to have an interface and two classes selected by whether the security manager
is active or not, I'd suggest adding a 
static final boolean isSecure = System.getSecurityManager() != null; 

and then testing it for each method, e.g. 

    public static final ClassLoader getClassLoader (final Class clazz)
if(isSecure) {
        return (ClassLoader) AccessController
                .doPrivileged(new PrivilegedAction()
                    public Object run ()
                        return clazz.getClassLoader();
} else {
return clazz.getClassLoader();

If the variable isSecure is static final we need to be sure that the class is never loaded
before the security manager is activated, otherwise we will get the wrong answer.

As the patch is written as of June 3, each call will at minimum create a new object on the
heap that needs to be garbage collected, and calling doPriv when there is no security manager
is a waste.

In any case, it's good to isolate the calls to this class so I'm +1 on making the rest of
the changes and we can worry about the implementation details when we see if there is any
performance impact one way or the other.

> Java 2 Security enablement
> --------------------------
>                 Key: OPENJPA-244
>                 URL:
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments:
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message