Return-Path: Delivered-To: apmail-openjpa-dev-archive@www.apache.org Received: (qmail 67688 invoked from network); 5 Jun 2007 17:09:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Jun 2007 17:09:48 -0000 Received: (qmail 77768 invoked by uid 500); 5 Jun 2007 17:09:52 -0000 Delivered-To: apmail-openjpa-dev-archive@openjpa.apache.org Received: (qmail 77670 invoked by uid 500); 5 Jun 2007 17:09:52 -0000 Mailing-List: contact dev-help@openjpa.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@openjpa.apache.org Delivered-To: mailing list dev@openjpa.apache.org Received: (qmail 77661 invoked by uid 99); 5 Jun 2007 17:09:52 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2007 10:09:52 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 05 Jun 2007 10:09:47 -0700 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 6DEE7714190 for ; Tue, 5 Jun 2007 10:09:27 -0700 (PDT) Message-ID: <30996422.1181063367404.JavaMail.jira@brutus> Date: Tue, 5 Jun 2007 10:09:27 -0700 (PDT) From: "Albert Lee (JIRA)" To: dev@openjpa.apache.org Subject: [jira] Commented: (OPENJPA-244) Java 2 Security enablement MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501617 ] Albert Lee commented on OPENJPA-244: ------------------------------------ I noticed that there are many openjpa classes have a static final caching the line.separator (or something similiar) from the system properties. This kind of general resource that required doPriv can be customized in the helper without any security exposure and still make the code readable. private static final String SEP = J2DoPrivHelper.getLineSeparator(); public static final String J2DoPrivHelper.getLineSeparator() { if (System.getSecurityManager() != null) { return (Properties) AccessController .doPrivileged(new PrivilegedAction() { public Object run () { return System.getProperty("line.separator"); } }); } else { return System.getProperty("line.separator"); } } These type of functions can also be cached in the helper for performance too. Albert Lee. > Java 2 Security enablement > -------------------------- > > Key: OPENJPA-244 > URL: https://issues.apache.org/jira/browse/OPENJPA-244 > Project: OpenJPA > Issue Type: Bug > Affects Versions: 0.9.8 > Reporter: Kevin Sutter > Attachments: J2DoPrivHelper.java > > > Via some testing with the WebSphere Application Server, it's been discovered that we're missing some doPriv blocks through out the OpenJPA code base. This JIRA report will be used to resolve these issues. More specific examples will be posted later. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.