[
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Albert Lee updated OPENJPA-244:
-------------------------------
Attachment: OPENJPA-244.patch
Craig,
I wrote a small program to test the validity of the required permission for
File.length() and it showed below that proper permission/doPriv is required for
this method and it matches the javadoc description.
------------------------------------------
package test;
import java.io.File;
public class TestFileLength {
public static void main(String[] args) {
File f = new
File("C:\\a.workspace\\eclipse.workspace\\ejb3.serv1\\testSer\\src\\test\\TestFileLength.java");
System.out.println(f.length());
}
}
C:\a.workspace\eclipse.workspace\ejb3.serv1\testSer\build\classes>type
j2.security.test.policy
grant {
permission java.io.FilePermission "<<ALL FILES>>", "read";
};
C:\a.workspace\eclipse.workspace\ejb3.serv1\testSer\build\classes>java -cp .
test.TestFileLength
1266
C:\a.workspace\eclipse.workspace\ejb3.serv1\testSer\build\classes>java -cp .
-Djava.security.manager test.TestFileLength
Exception in thread "main" java.security.AccessControlException: Access denied
(java.io.FilePermission C:\a.workspace\ec
lipse.workspace\ejb3.serv1\testSer\src\test\TestFileLength.java read)
at
java.security.AccessController.checkPermission(AccessController.java:104)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
at java.io.File.length(File.java:839)
at test.TestFileLength.main(TestFileLength.java:38)
C:\a.workspace\eclipse.workspace\ejb3.serv1\testSer\build\classes>java -cp .
-Djava.security.manager -Djava.security.policy=j2.security.test.policy
test.TestFileLength
1266
C:\a.workspace\eclipse.workspace\ejb3.serv1\testSer\build\classes>
------------------------------------------
May be the reason the tests passed before is because the first condition of the
expression in XMLFileHandler is false and the f.length() is not evaluated.
- if (!f.exists() || f.length() == 0)
BTW, scanning for .length() in the source code one more time and I found
another instance of _file.length() that needs the doPriv. I corrected the
problem and a new patch is attached.
Albert Lee.
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Attachments: OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
