You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jdo-dev@db.apache.org by "Craig Russell (JIRA)" <ji...@apache.org> on 2008/07/12 07:44:31 UTC

[jira] Assigned: (JDO-555) All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.

     [ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Craig Russell reassigned JDO-555:
---------------------------------

    Assignee: Andy Jefferson  (was: Craig Russell)

There's still a bit of work to do to make sure that the TCK can run with a security manager.

Right now, running just the pmf tests with security manager results in errors because DataNucleus doesn't encapsulate its calls to JDOImplHelper.getInstance() in doPrivileged.

Here's the command line to invoke the pmf tests with a security manager:

maven -o -Djdo.tck.cfglist=pmf.conf -Djdo.tck.identitytypes=datastoreidentity -Djdo.tck.security runtck.jdori

Here's part of the output:

Caused by: java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission getMetadata)
    [java] 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    [java] 	at java.security.AccessController.checkPermission(AccessController.java:427)
    [java] 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    [java] 	at javax.jdo.spi.JDOImplHelper.getInstance(JDOImplHelper.java:146)
    [java] 	at org.datanucleus.metadata.MetaDataManager.<init>(MetaDataManager.java:158)
    [java] 	at org.datanucleus.jdo.metadata.JDOMetaDataManager.<init>(JDOMetaDataManager.java:106)

This is an example of the code needed.

    /** Get the JDOImplHelper instance
     * This must be done in a doPrivileged block.
     */
    public static JDOImplHelper getJDOImplHelper() {
                return (JDOImplHelper) AccessController.doPrivileged(
                    new PrivilegedAction () {
                        public Object run () {
                            return JDOImplHelper.getInstance();
                        }
                    }
                );
    }




> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: JDO-555
>                 URL: https://issues.apache.org/jira/browse/JDO-555
>             Project: JDO
>          Issue Type: Bug
>          Components: api2, api2-legacy
>    Affects Versions: JDO 2 maintenance release 1
>            Reporter: Matthew T. Adams
>            Assignee: Andy Jefferson
>             Fix For: JDO 2 maintenance release 2
>
>         Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.