openjpa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Albert Lee (JIRA)" <j...@apache.org>
Subject [jira] Commented: (OPENJPA-244) Java 2 Security enablement
Date Thu, 09 Aug 2007 19:19:42 GMT

    [ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518820
] 

Albert Lee commented on OPENJPA-244:
------------------------------------

Craig, 

Thanks for reviewing the patch.

Regarding the Serialization changes that the enableReplaceObject PrivilegedAction is created
in-line in the code and not in J2DoPrivHelper, the reasons are:

1) PersistentObjectOutputStream extends ObjectOutputStream.
2) enabelReplaceObject is defined in ObjectOutputStream and is qualified as protected.
3) enabelReplaceObject is called in the PersistentObjectOutputStream constructor.
4) Initially, I had the following helper to get the enableReplaceObjectAction, 

    public static final PrivilegedAction enableReplaceObjectAction(
        final ObjectOutputStream oos, final boolean enable) {
        return new PrivilegedAction() {
            public Object run() {
                oos.enableReplaceObject(enable);
                return null;
            }
        };
    }

but this will not compile due to:

J2DoPrivHelper.java: enableReplaceObject(boolean) has protected access in java.io.ObjectOutputStream
                oos.enableReplaceObject(enable);
                   ^

Hence the in-line alternative is used to perform the doPrivlege call.

The same reason applies to the ObjectInputStream.enableResolveObject method call.

Albert Lee.

> Java 2 Security enablement
> --------------------------
>
>                 Key: OPENJPA-244
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-244
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>            Assignee: Albert Lee
>         Attachments: OPENJPA-244.patch, OPENJPA.244-2.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered that we're
missing some doPriv blocks through out the OpenJPA code base.  This JIRA report will be used
to resolve these issues.  More specific examples will be posted later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message