[ https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee updated OPENJPA-244:
-------------------------------
Attachment: OPENJPA-244.patch
Craig,
After some experimentation to narrow down the code bases and permissions
required for the test bucket, here is the refined policy:
// derby code base
grant CodeBase "file:///${user.home}/.m2/repository/org/apache/derby/derby/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "derby.*", "read";
};

// openjpa code base.
grant CodeBase "file:///${test.basedir}/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.io.SerializablePermission "enableSubstitution";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "*", "read,write";
};

// depending packages code base, e.g. junit, surefire, etc.
grant CodeBase "file:///${user.home}/.m2/repository/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.io.SerializablePermission "enableSubstitution";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.RuntimePermission "setContextClassLoader";
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "*", "read,write";
};
Attached is a new patch with this new policy.
I hope this has addressed your concern.
Albert Lee,
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Attachments: OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
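
When a policy like the one in the comment above is narrowed further, it helps to list which grants are still broad per code base. The following is an added example, not part of the original message or of OpenJPA: the names `audit`, `is_broad` and `BROAD` and the rule list itself are assumptions of this sketch, and it only parses `grant [codeBase "..."] { ... };` entries without `signedBy` or `principal` clauses.

```python
import re

# Excerpt of the policy from the comment above, used as sample input.
SAMPLE_POLICY = r'''
// derby code base
grant CodeBase "file:///${user.home}/.m2/repository/org/apache/derby/derby/-" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "derby.*", "read";
};
// openjpa code base.
grant CodeBase "file:///${test.basedir}/-" {
    permission java.lang.RuntimePermission "setIO";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.util.PropertyPermission "*", "read,write";
};
'''

GRANT = re.compile(r'grant(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.I | re.S)
PERM = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;', re.I)

# Hypothetical review rules: (class, target, actions that make it broad; None = any).
BROAD = [
    ("java.security.AllPermission", None, None),
    ("java.io.FilePermission", "<<ALL FILES>>", {"write", "delete", "execute"}),
    ("java.util.PropertyPermission", "*", {"write"}),
    ("java.lang.reflect.ReflectPermission", "suppressAccessChecks", None),
    ("java.lang.RuntimePermission", "createClassLoader", None),
    ("java.lang.RuntimePermission", "setSecurityManager", None),
]

def is_broad(cls, target, actions):
    acts = {a.strip().lower() for a in (actions or "").split(",")}
    return any(cls == c and t in (None, target) and (a is None or acts & a)
               for c, t, a in BROAD)

def audit(policy_text):
    """Return [(codeBase, permission class, target, actions)] for broad grants."""
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)  # whole-line comments only
    hits = []
    for codebase, body in GRANT.findall(text):
        for cls, target, actions in PERM.findall(body):
            if is_broad(cls, target, actions):
                hits.append((codebase or "<all code>", cls, target, actions))
    return hits

if __name__ == "__main__":
    for hit in audit(SAMPLE_POLICY):
        print("%s\n    %s \"%s\" %s" % hit)
```

Only whole-line `//` comments are stripped, because a code base URL such as `file:///...` contains `//` itself.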