[
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12501604
]
Craig Russell commented on OPENJPA-244:
---------------------------------------
What is possible is to hide the nasty mechanical construction of a new instance
of the anonymous inner class by a wrapper method.
Perhaps Mitesh can post examples (used in CDDL-licensed TopLink Essentials)
that preserve the doPrivileged method call in the correct place but delegates
the construction of the instance to a wrapper. The resulting code is much more
readable than the usual inline doPrivileged and avoids the security hole.
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Attachments: J2DoPrivHelper.java
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
