[
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Marc Prud'hommeaux reopened OPENJPA-244:
----------------------------------------
I'm re-opening the issue because it looks like there are at least a few secure
calls that were missed. I ran a test by building a new rt.jar with a
java.lang.SecurityException that extends java.lang.Exception (instead of
java.lang.RuntimeException), and then compiling the openjpa classes with the
new rt.jar in the bootclasspath, which does a nice job at finding all the calls
to methods that might throw SecutiryException.
For example, FieldMetaData.java:1477 contains the line "Method[] methods =
cls.getMethods()".
Are these oversights, or is there some reason that these calls don't need to be
wrapped in doPriv blocks?
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Attachments: OPENJPA-244.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
