[
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12502397
]
Patrick Linskey commented on OPENJPA-244:
-----------------------------------------
I think that an important design goal here is minimal invasiveness into the
code. Java 2 security is something that many of us have never seen as an issue
in practice, so ensuring that the security-friendly mechanisms are just as easy
to use as the unfriendly versions is pretty important IMO.
Additionally, I'm concerned about the extra overhead incurred by these calls,
which makes me think that caching might be a good idea.
Given that you demonstrate in point 2 above that it is legit to cache the
return values of the security-wrapping calls, can we achieve better
encapsulation? For example, why not just have a
J2DoPrivHelper.getDeclaredMethod() call that does the right thing internally?
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Attachments: J2DoPrivHelper.java
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
