openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Patrick Linskey (JIRA)" <j...@apache.org>
Subject [jira] Commented: (OPENJPA-244) Java 2 Security enablement
Date Thu, 07 Jun 2007 16:02:25 GMT

    [ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12502397
] 

Patrick Linskey commented on OPENJPA-244:
-----------------------------------------

I think that an important design goal here is minimal invasiveness into the code. Java 2 security
is something that many of us have never seen as an issue in practice, so ensuring that the
security-friendly mechanisms are just as easy to use as the unfriendly versions is pretty
important IMO.

Additionally, I'm concerned about the extra overhead incurred by these calls, which makes
 me think that caching might be a good idea.

Given that you demonstrate in point 2 above that it is legit to cache the return values of
the security-wrapping calls, can we achieve better encapsulation? For example, why not just
have a J2DoPrivHelper.getDeclaredMethod() call that does the right thing internally?

> Java 2 Security enablement
> --------------------------
>
>                 Key: OPENJPA-244
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-244
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments: J2DoPrivHelper.java
>
>
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message