[jira] Commented: (OPENJPA-244) Java 2 Security enablement

Fri, 29 Jun 2007 17:44:25 -0700 

    [ 
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12509227
 ] 

Craig Russell commented on OPENJPA-244:
---------------------------------------

Very nice piece of work, Albert.

The original patch should be removed since it's no longer valid.

Just a few comments on the patch itself.

1. Typos in javadoc for almost all the methods in J2DoPrivHelper, e.g. 
PrivilegeExceptionAction should be PrivilegedExceptionAction

2. The cases where you call  this.getClass().getClassLoader()) don't need to be 
wrapped in a doPrivileged block. 

(From the javadoc of getClassLoader, If a security manager is present, and the 
caller's class loader is not null and the caller's class loader is not the same 
as or an ancestor of the class loader for the class whose class loader is 
requested, then this method calls the security manager's checkPermission method 
with a RuntimePermission("getClassLoader") permission to ensure it's ok to 
access the class loader for the class.)

3. In 
openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java
you might have missed this case:
@@ -238,12 +246,18 @@
             if (loader == THREAD_LOADER)
                 loader = Thread.currentThread().getContextClassLoader();
 
4. Several cases of try or catch with the { on the following line instead of on 
the same line.

5. In 
openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java

don't you need to have a doPrivileged around f.length() ? The javadoc would 
suggest so.

6. javadoc typos in newFIleOutputStreamAction methods in J2Helper class

7. I don't understand the rationale for newInstanceOfAction. I guess I don't 
know what a BCClass is and why its behavior is different from Class.


> Java 2 Security enablement
> --------------------------
>
>                 Key: OPENJPA-244
>                 URL: https://issues.apache.org/jira/browse/OPENJPA-244
>             Project: OpenJPA
>          Issue Type: Bug
>    Affects Versions: 0.9.8
>            Reporter: Kevin Sutter
>         Attachments: J2DoPrivHelper.java, OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered 
> that we're missing some doPriv blocks through out the OpenJPA code base.  
> This JIRA report will be used to resolve these issues.  More specific 
> examples will be posted later.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to