From: "Albert Lee (JIRA)"
To: dev@openjpa.apache.org
Date: Fri, 31 Aug 2007 07:46:31 -0700 (PDT)
Subject: [jira] Updated: (OPENJPA-339) Java 2 security Access denied in File.toURL() call
Message-ID: <8285756.1188571591846.JavaMail.jira@brutus>
In-Reply-To: <9677376.1188235410609.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/OPENJPA-339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Albert Lee updated OPENJPA-339:
-------------------------------

    Attachment: OPENJPA-339.1.patch

Attached patch for the 2 new permission denials.

The "new Thread" scenario is straightforward and needs no explanation. For the ProxyManagerImpl case, I have inlined the new PrivilegedAction instead of putting it in J2DoPrivHelper because generateProxyBeanBytecode() is protected, therefore it cannot be called from an action in J2DoPrivHelper. There are also many methods called on the Code instance in generateProxyBeanBytecode() that may potentially need the doPriv. So instead of putting many individual doPrivs for Code, the doPriv is moved up to generateProxyBeanBytecode(), and this needs only one instead.

> Java 2 security Access denied in File.toURL() call
> --------------------------------------------------
>
>                 Key: OPENJPA-339
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-339
>             Project: OpenJPA
>          Issue Type: Bug
>          Components: lib
>    Affects Versions: 0.9.7
>            Reporter: Albert Lee
>            Assignee: Albert Lee
>             Fix For: 1.1.0
>
>         Attachments: OPENJPA-339.1.patch, OPENJPA-339.patch
>
>
> Encountered the following access denial exception when Java 2 security is enabled in an application server environment.
> File.toURL() is not documented as requiring a security check; however, it indirectly invokes File.isDirectory(), which requires security permission.
> Exception = java.security.AccessControlException
> Source = com.ibm.ws.security.core.SecurityManager
> probeid = 180
> Stack Dump = java.security.AccessControlException: Access denied (java.io.FilePermission C:\WAS3\profiles\AppSrv01\installedApps\javajoeNode01Cell\EJB3JPACallbackBeanApp.ear\EJB3JPACallbackWebApp.war\WEB-INF\classes\suite\r70\base\jpaspec\callback\entities\AbstractCallbackEntity.class read)
>     at java.security.AccessController.checkPermission(AccessController.java:104)
>     at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>     at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
>     at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
>     at java.io.File.isDirectory(File.java:747)
>     at java.io.File.toURL(File.java:620)
>     at org.apache.openjpa.lib.meta.FileMetaDataIterator.next(FileMetaDataIterator.java:114)
>     at org.apache.openjpa.lib.meta.ClassArgParser.mapTypeNames(ClassArgParser.java:283)
>     at org.apache.openjpa.meta.AbstractCFMetaDataFactory.scan(AbstractCFMetaDataFactory.java:778)
>     at org.apache.openjpa.meta.AbstractCFMetaDataFactory.parsePersistentTypeNames(AbstractCFMetaDataFactory.java:637)
>     at org.apache.openjpa.meta.AbstractCFMetaDataFactory.getPersistentTypeNames(AbstractCFMetaDataFactory.java:605)
>     at org.apache.openjpa.meta.MetaDataRepository.getPersistentTypeNames(MetaDataRepository.java:1214)
>     at org.apache.openjpa.meta.MetaDataRepository.loadPersistentTypes(MetaDataRepository.java:1231)
>     at org.apache.openjpa.kernel.AbstractBrokerFactory.loadPersistentTypes(AbstractBrokerFactory.java:245)
>     at org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:197)
>     at org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:142)
>     at org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:190)
>     at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:37)
>     at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:28)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
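
Added example, not part of the original message or the attached patch: the two doPrivileged placements the message describes, a narrow action around File.toURL() and a single coarse action inlined around a protected method. DoPrivExample, generateBytecode() and generate() are hypothetical names, not OpenJPA code.

```java
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added example; class and method names are hypothetical, not OpenJPA's.
public class DoPrivExample {
    // Narrow action: only the call that triggers the FilePermission "read"
    // check (File.toURL() -> File.isDirectory()) runs privileged, so the
    // application code further up the stack needs no file grant.
    @SuppressWarnings({"deprecation", "removal"})
    static URL toURL(final File file) throws MalformedURLException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<URL>() {
                    public URL run() throws MalformedURLException {
                        return file.toURL();
                    }
                });
        } catch (PrivilegedActionException e) {
            // Unwrap so callers see the original checked exception.
            throw (MalformedURLException) e.getException();
        }
    }

    // Stand-in for a protected method making many permission-checked calls.
    protected byte[] generateBytecode(Class<?> type) {
        return type.getName().getBytes();
    }

    // Coarse action, inlined in the owning class: a helper class in another
    // package could not call the protected method from its own action.
    @SuppressWarnings("removal")
    public byte[] generate(final Class<?> type) {
        return AccessController.doPrivileged(new PrivilegedAction<byte[]>() {
            public byte[] run() {
                return generateBytecode(type);
            }
        });
    }

    public static void main(String[] args) throws Exception {
        System.out.println(toURL(new File("Example.class")));
        System.out.println(new DoPrivExample().generate(String.class).length);
    }
}
```

Everything inside run() executes with the library's own permissions, so the coarse form trades a smaller patch for a wider privileged scope and should not be handed paths or types chosen by untrusted callers. The Security Manager and AccessController are deprecated for removal since JDK 17 (JEP 411), which is why the example suppresses the "removal" warning.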