openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Prud'hommeaux (JIRA)" <j...@apache.org>
Subject [jira] Reopened: (OPENJPA-244) Java 2 Security enablement
Date Tue, 03 Jul 2007 22:52:04 GMT

     [ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Marc Prud'hommeaux reopened OPENJPA-244:
----------------------------------------


I'm re-opening the issue because it looks like there are at least a few secure calls that
were missed. I ran a test by building a new rt.jar with a java.lang.SecurityException that
extends java.lang.Exception (instead of java.lang.RuntimeException), and then compiling the
openjpa classes with the new rt.jar in the bootclasspath, which does a nice job at finding
all the calls to methods that might throw SecutiryException.

For example, FieldMetaData.java:1477 contains the line "Method[] methods = cls.getMethods()".

Are these oversights, or is there some reason that these calls don't need to be wrapped in
doPriv blocks?

> Java 2 Security enablement
> --------------------------
>
>                 Key: OPENJPA-244
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-244
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message