[
https://issues.apache.org/jira/browse/OPENJPA-244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12518820
]
Albert Lee commented on OPENJPA-244:
------------------------------------
Craig,
Thanks for reviewing the patch.
Regarding the Serialization changes that the enableReplaceObject
PrivilegedAction is created in-line in the code and not in J2DoPrivHelper, the
reasons are:
1) PersistentObjectOutputStream extends ObjectOutputStream.
2) enabelReplaceObject is defined in ObjectOutputStream and is qualified as
protected.
3) enabelReplaceObject is called in the PersistentObjectOutputStream
constructor.
4) Initially, I had the following helper to get the enableReplaceObjectAction,
public static final PrivilegedAction enableReplaceObjectAction(
final ObjectOutputStream oos, final boolean enable) {
return new PrivilegedAction() {
public Object run() {
oos.enableReplaceObject(enable);
return null;
}
};
}
but this will not compile due to:
J2DoPrivHelper.java: enableReplaceObject(boolean) has protected access in
java.io.ObjectOutputStream
oos.enableReplaceObject(enable);
^
Hence the in-line alternative is used to perform the doPrivlege call.
The same reason applies to the ObjectInputStream.enableResolveObject method
call.
Albert Lee.
> Java 2 Security enablement
> --------------------------
>
> Key: OPENJPA-244
> URL: https://issues.apache.org/jira/browse/OPENJPA-244
> Project: OpenJPA
> Issue Type: Bug
> Affects Versions: 0.9.8
> Reporter: Kevin Sutter
> Assignee: Albert Lee
> Attachments: OPENJPA-244.patch, OPENJPA.244-2.patch
>
>
> Via some testing with the WebSphere Application Server, it's been discovered
> that we're missing some doPriv blocks through out the OpenJPA code base.
> This JIRA report will be used to resolve these issues. More specific
> examples will be posted later.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
