[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614057#action_12614057 ]
Craig Russell commented on JDO-555:
-----------------------------------
I've now checked in src/conf/security.conf and made changes in maven.xml to
enable the security setting to be specified in a config file.

I have not yet checked in the conf file into the list of standard configs
because the JDORI still fails.

And I have not added a security test to the iut tests. It's not clear that this
adds value since what we're testing is that JDOHelper can access a
PersistenceManagerFactory with proper permissions for JDO jar, not testing that
we're able to run the iut with security.

If you run maven -o -Djdo.tck.cfglist=security.conf runtck.jdori it will work
with application identity but fail with a bogus error using datastore identity.
The same tests pass without the security setting.

Andy, I suspect that the problem is in a metadata access that is not properly
protected by doPrivileged, throwing a SecurityException, that is not properly
caught, possibly indicating that a field or property doesn't exist. I couldn't
find where the problem was though.
> All calls to Class.getMethod and Method.invoke (among others) need to be
> invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch,
> datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
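The failure mode suspected in the comment above (a SecurityException from unprivileged reflection being swallowed and reported as a missing field or property), as an added Java example that is not code from JDO, the JDORI or DataNucleus. `PrivilegedLookup`, `findGetter` and `Outcome` are hypothetical names, and a JDK that still ships `java.security.AccessController` is assumed.

```java
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added illustration; PrivilegedLookup, findGetter and Outcome are hypothetical
// names, not classes from the JDO API, the JDORI or DataNucleus.
public final class PrivilegedLookup {

    /** Keeps "member absent" apart from "access denied". */
    public enum Outcome { FOUND, MISSING, DENIED }

    private PrivilegedLookup() {}

    // Package-private on purpose: a public wrapper around doPrivileged would lend
    // this jar's permissions to any caller for arbitrary reflective lookups.
    static Outcome findGetter(final Class<?> type, final String name, Method[] out) {
        try {
            out[0] = AccessController.doPrivileged(
                new PrivilegedExceptionAction<Method>() {
                    public Method run() throws NoSuchMethodException {
                        // Only the reflective call runs with the jar's own permissions.
                        return type.getMethod(name);
                    }
                });
            return Outcome.FOUND;
        } catch (PrivilegedActionException e) {
            // Checked exceptions from run() arrive wrapped: the method really is absent.
            if (e.getException() instanceof NoSuchMethodException) {
                return Outcome.MISSING;
            }
            throw new IllegalStateException(e.getException());
        } catch (SecurityException e) {
            // Unchecked, so doPrivileged does not wrap it. Catching Exception here and
            // returning MISSING would turn a policy problem into "no such property".
            return Outcome.DENIED;
        }
    }

    public static void main(String[] args) {
        Method[] m = new Method[1];
        System.out.println(findGetter(String.class, "length", m));     // existing public method
        System.out.println(findGetter(String.class, "noSuchProp", m)); // absent method
    }
}
```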