[
https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613096#action_12613096
]
Craig Russell commented on JDO-555:
-----------------------------------
The nightly works for the access controls on JDOImplHelper all right.
There's a similar issue in the StateManager. The call replaceStateManager also
needs to be inside a doPrivileged block. Actually, any of the methods between
makePersistent and replaceStateManager can be called in doPrivileged and you'll
be ok. The closer to the checkPermission, the faster the security check is,
of course.

[java] NestedThrowablesStackTrace:
[java] java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission setStateManager)
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
[java] at java.security.AccessController.checkPermission(AccessController.java:427)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java] at org.apache.jdo.tck.pc.mylib.PCPoint.jdoReplaceStateManager(PCPoint.java)
[java] at org.datanucleus.state.JDOStateManagerImpl.replaceStateManager(JDOStateManagerImpl.java:961)
[java] at org.datanucleus.state.JDOStateManagerImpl.initialiseForPersistentNew(JDOStateManagerImpl.java:409)
[java] at org.datanucleus.state.StateManagerFactory.newStateManagerForPersistentNew(StateManagerFactory.java:153)
[java] at org.datanucleus.ObjectManagerImpl.persistObjectInternal(ObjectManagerImpl.java:1245)
[java] at org.datanucleus.ObjectManagerImpl.persistObject(ObjectManagerImpl.java:1091)
[java] at org.datanucleus.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:666)
[java] at org.datanucleus.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:691)
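
Here's a patch to try:

    // Needs java.security.AccessController and java.security.PrivilegedAction.
    // sm is final so the anonymous PrivilegedAction can reference it.
    private void replaceStateManager(final StateManager sm)
    {
        try
        {
            // The permission check's stack walk stops at this doPrivileged
            // frame, so callers further up the stack are not consulted.
            AccessController.doPrivileged(
                new PrivilegedAction () {
                    public Object run () {
                        myPC.jdoReplaceStateManager(sm);
                        return null;
                    }
                }
            );
        }
        catch (SecurityException e)
        {
            throw new JDOFatalUserException(LOCALISER.msg("026000"), e);
        }
    }
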
> All calls to Class.getMethod and Method.invoke (among others) need to be
> invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.