openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Albert Lee (JIRA)" <j...@apache.org>
Subject [jira] Updated: (OPENJPA-244) Java 2 Security enablement
Date Tue, 03 Jul 2007 19:15:04 GMT

     [ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Albert Lee updated OPENJPA-244:
-------------------------------

    Attachment: OPENJPA-244.patch

Craig,

After some experimentation to narrow down the code bases and permissions required  for the
test bucket, here is the refined policy:

// derby code base
grant CodeBase "file:///${user.home}/.m2/repository/org/apache/derby/derby/-" {

    permission java.io.FilePermission           "<<ALL FILES>>",    "read,write,delete";
    permission java.lang.RuntimePermission                          "createClassLoader";
    permission java.util.PropertyPermission     "derby.*",          "read";
};

// openjpa code base.
grant CodeBase "file:///${test.basedir}/-" {

    permission java.io.FilePermission           "<<ALL FILES>>",    "read,write";
    permission java.io.SerializablePermission                       "enableSubstitution";
    permission java.lang.RuntimePermission                          "accessDeclaredMembers";
    permission java.lang.RuntimePermission                          "createClassLoader";
    permission java.lang.RuntimePermission                          "getClassLoader";
    permission java.lang.RuntimePermission                          "setIO";
    permission java.lang.reflect.ReflectPermission                  "suppressAccessChecks";
    permission java.util.PropertyPermission     "*",                "read,write";
};

// depending packages code base, e.g junit, surefire etc.
grant CodeBase "file:///${user.home}/.m2/repository/-" {

    permission java.io.FilePermission           "<<ALL FILES>>",    "read,write";
    permission java.io.SerializablePermission                       "enableSubstitution";
    permission java.lang.RuntimePermission                          "accessDeclaredMembers";
    permission java.lang.RuntimePermission                          "createClassLoader";
    permission java.lang.RuntimePermission                          "getClassLoader";
    permission java.lang.RuntimePermission                          "setContextClassLoader";
    permission java.lang.RuntimePermission                          "setIO";
    permission java.lang.reflect.ReflectPermission                  "suppressAccessChecks";
    permission java.util.PropertyPermission     "*",                "read,write";
};

Attached is a new patch with this new policy.

I hope this has addressed your concern.

Albert Lee,

> Java 2 Security enablement
> --------------------------
>
>                 Key: OPENJPA-244
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-244
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments: OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message