You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jdo-dev@db.apache.org by "Matthew T. Adams (JIRA)" <ji...@apache.org> on 2007/11/26 19:50:42 UTC
[jira] Created: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
-------------------------------------------------------------------------------------------------------------
Key: JDO-555
URL: https://issues.apache.org/jira/browse/JDO-555
Project: JDO
Issue Type: Bug
Affects Versions: JDO 2 maintenance release 1
Reporter: Matthew T. Adams
Fix For: JDO 2 maintenance release 1
Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Component/s: api2-legacy
api2
Fix Version/s: (was: JDO 2 maintenance release 1)
JDO 2 maintenance release 2
By inspection, all methods in JDOHelper that need special permissions are now wrapped in doPrivilege blocks.
There are no test cases that verify this. The activity needed now is to add unit tests to verify that all such methods are wrapped in doPrivilege. The environment needs to be set up with a security manager and an appropriate permission file.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Priority: Minor (was: Major)
Downgrading this bug because the JDOHelper seems to now have proper doPrivileged wrappers and the only errors appear to be in the JDO RI itself.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613530#action_12613530 ]
Andy Jefferson commented on JDO-555:
------------------------------------
AbstractClassMetaData.initialise checks if the PK is valid and to do that uses reflection - now wrapped by AccessController
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614127#action_12614127 ]
Craig Russell commented on JDO-555:
-----------------------------------
There's another area that isn't protected with doPrivileged that causes a number of exceptions:
[java] 1) testPositive(org.apache.jdo.tck.query.api.ChangeQuery)java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
[java] at java.security.AccessController.checkPermission(AccessController.java:427)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java] at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
[java] at java.lang.Class.checkMemberAccess(Class.java:2125)
[java] at java.lang.Class.getDeclaredFields(Class.java:1714)
[java] at org.datanucleus.store.rdbms.query.ResultClassROF.populateDeclaredFieldsForUserType(ResultClassROF.java:329)
[java] at org.datanucleus.store.rdbms.query.ResultClassROF.populateDeclaredFieldsForUserType(ResultClassROF.java:339)
[java] at org.datanucleus.store.rdbms.query.ResultClassROF.<init>(ResultClassROF.java:122)
[java] at org.datanucleus.store.rdbms.query.ResultExpressionsQueryable.newResultObjectFactory(ResultExpressionsQueryable.java:424)
[java] at org.datanucleus.store.rdbms.query.JDOQLQuery.performExecute(JDOQLQuery.java:265)
[java] at org.datanucleus.store.query.Query.executeQuery(Query.java:1344)
[java] at org.datanucleus.store.rdbms.query.JDOQLQuery.executeQuery(JDOQLQuery.java:229)
[java] at org.datanucleus.store.query.Query.executeWithArray(Query.java:1265)
[java] at org.datanucleus.jdo.JDOQuery.executeWithArray(JDOQuery.java:308)
[java] at org.apache.jdo.tck.query.QueryTest.execute(QueryTest.java:1257)
[java] at org.apache.jdo.tck.query.QueryTest.executeJDOQuery(QueryTest.java:1161)
[java] at org.apache.jdo.tck.query.api.ChangeQuery.testPositive(ChangeQuery.java:95)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at org.apache.jdo.tck.JDO_Test.runBare(JDO_Test.java:259)
[java] at org.apache.jdo.tck.util.BatchTestRunner.doRun(BatchTestRunner.java:108)
[java] at org.apache.jdo.tck.util.BatchTestRunner.start(BatchTestRunner.java:148)
[java] at org.apache.jdo.tck.util.BatchTestRunner.main(BatchTestRunner.java:123)
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell reassigned JDO-555:
---------------------------------
Assignee: Craig Russell
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 1
>
> Attachments: jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614108#action_12614108 ]
Craig Russell commented on JDO-555:
-----------------------------------
[java] 1) testNewInstanceInterface(org.apache.jdo.tck.api.persistencemanager.NewInstance)java.lang.RuntimeException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
[java] at org.datanucleus.metadata.ClassMetaData.addMetaDataForMembersNotInMetaData(ClassMetaData.java:456)
[java] at org.datanucleus.metadata.ClassMetaData.populate(ClassMetaData.java:254)
[java] at org.datanucleus.enhancer.asm.ASMImplementationGenerator.enhance(ASMImplementationGenerator.java:140)
[java] at org.datanucleus.enhancer.AbstractImplementationCreator.newInstance(AbstractImplementationCreator.java:187)
[java] at org.datanucleus.enhancer.AbstractImplementationCreator.newInstance(AbstractImplementationCreator.java:110)
[java] at org.datanucleus.ObjectManagerImpl.newInstance(ObjectManagerImpl.java:1873)
[java] at org.datanucleus.jdo.JDOPersistenceManager.newInstance(JDOPersistenceManager.java:1525)
[java] at org.apache.jdo.tck.api.persistencemanager.NewInstance.testNewInstanceInterface(NewInstance.java:64)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at org.apache.jdo.tck.JDO_Test.runBare(JDO_Test.java:259)
[java] at org.apache.jdo.tck.util.BatchTestRunner.doRun(BatchTestRunner.java:108)
[java] at org.apache.jdo.tck.util.BatchTestRunner.start(BatchTestRunner.java:148)
[java] at org.apache.jdo.tck.util.BatchTestRunner.main(BatchTestRunner.java:123)
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: ClassMetaData.java-patch
This patch adds doPrivileged around some metadata access calls in JDO RI (Datanucleus).
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613023#action_12613023 ]
Craig Russell commented on JDO-555:
-----------------------------------
svn commit -m "JDO-555 Add security manager option to maven tck runs" maven.xml src/conf/security.policy
Sending maven.xml
Adding src/conf/security.policy
Transmitting file data ..
Committed revision 676104.
svn commit -m "JDO-555 Update pmf tests to use new method closePMF in JDO_Test"
Sending tck2/src/java/org/apache/jdo/tck/JDO_Test.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/AfterCloseGetPMThrowsException.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/AfterCloseSetMethodsThrowException.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/Close.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/CloseFailsIfTransactionActive.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/CloseWithoutPermissionThrowsSecurityException.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/config/Jdoconfig.java
Sending tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/config/Persistence.java
Transmitting file data ........
Committed revision 676106.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613066#action_12613066 ]
Andy Jefferson commented on JDO-555:
------------------------------------
DataNucleus access to JDOImplHelper now goes through AccessController. Use current nightly build and try that
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614063#action_12614063 ]
Andy Jefferson commented on JDO-555:
------------------------------------
Craig,
don't understand the patch since all calls to ClassMetaData.populate are already run with doPrivileged(). Do you have the stack trace that requires that ? which test ?
PS The JDO RI publishes "security.conf" info required to use it
http://www.datanucleus.org/products/accessplatform/security.html
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy Jefferson resolved JDO-555.
--------------------------------
Resolution: Fixed
DataNucleus nightly build runs fine for application and datastore id for this "security.conf".
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614057#action_12614057 ]
Craig Russell commented on JDO-555:
-----------------------------------
I've now checked in src/conf/security.conf and made changes in maven.xml to enable the security setting to be specified in a config file.
I have not yet checked in the conf file into the list of standard configs because the JDORI still fails.
And I have not added a security test to the iut tests. It's not clear that this adds value since what we're testing is that JDOHelper can access a PersistenceManagerFactory with proper permissions for JDO jar, not testing that we're able to run the iut with security.
If you run maven -o -Djdo.tck.cfglist=security.conf runtck.jdori it will work with application identity but fail with a bogus error using datastore identity. The same tests pass without the security setting.
Andy, I suspect that the problem is in a metadata access that is not properly protected by doPrivileged, throwing a SecurityException, that is not properly caught, possibly indicating that a field or property doesn't exist. I couldn't find where the problem was though.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: jdo-555.patch
Please review this patch. It allows you to specify -Djdo.tck.security when running maven runtck.jdori, which adds "" to the java command line.
The security policy itself isn't complete yet. The RI doesn't run with this setup because of something wrong with c3p0. Some advice would be helpful.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613256#action_12613256 ]
Andy Jefferson commented on JDO-555:
------------------------------------
Thx for the patch - variations on them were included in SVN over the weekend.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613134#action_12613134 ]
Craig Russell commented on JDO-555:
-----------------------------------
svn commit
Sending /Users/clr/apache/jdo/trunk/tck2/src/conf/security.policy
Transmitting file data .
Committed revision 676243.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (JDO-555) All calls to Class.getMethod
and Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12612932#action_12612932 ]
clr edited comment on JDO-555 at 7/11/08 10:18 AM:
-------------------------------------------------------------
Please review this patch. It allows you to specify -Djdo.tck.security, which adds
"-Djava.security.manager -Djava.security.policy=${basedir}/src/conf/security.policy"
to the java command line when running maven runtck.jdori.
The security policy itself isn't complete yet. The RI doesn't run with this setup because of something wrong with c3p0. Some advice would be helpful.
was (Author: clr):
Please review this patch. It allows you to specify -Djdo.tck.security when running maven runtck.jdori, which adds "" to the java command line.
The security policy itself isn't complete yet. The RI doesn't run with this setup because of something wrong with c3p0. Some advice would be helpful.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613531#action_12613531 ]
Craig Russell commented on JDO-555:
-----------------------------------
Andy,
Yes, initialise() is the culprit I see.
Without the patch to MetaDataManager, running gives
[java] RUN GetPMFByFile.testValidGetPMF ERROR
The doPrivileged can go in any of several places in the stack (between org.apache.jdo.tck.api.persistencemanagerfactory.AbstractGetPMF.makePersistent(AbstractGetPMF.java:102) and
java.lang.Class.getDeclaredFields(Class.java:1714)
I picked getMetaDataForClass because it seems to encompass a lot of reflection code.
[java] 1) testValidGetPMF(org.apache.jdo.tck.api.persistencemanagerfactory.GetPMFByFile)java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
[java] at java.security.AccessController.checkPermission(AccessController.java:427)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java] at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
[java] at java.lang.Class.checkMemberAccess(Class.java:2125)
[java] at java.lang.Class.getDeclaredFields(Class.java:1714)
[java] at org.datanucleus.jdo.JDOAdapter.processPrimaryKeyClass(JDOAdapter.java:406)
[java] at org.datanucleus.jdo.JDOAdapter.isValidPrimaryKeyClass(JDOAdapter.java:377)
[java] at org.datanucleus.metadata.AbstractClassMetaData.validateObjectIdClass(AbstractClassMetaData.java:1147)
[java] at org.datanucleus.metadata.ClassMetaData.initialise(ClassMetaData.java:654)
[java] at org.datanucleus.metadata.MetaDataManager.initialiseAbstractClassMetaData(MetaDataManager.java:1974)
[java] at org.datanucleus.metadata.MetaDataManager.getMetaDataForClass(MetaDataManager.java:862)
[java] at org.datanucleus.ObjectManagerImpl.hasPersistenceInformationForClass(ObjectManagerImpl.java:3749)
[java] at org.datanucleus.ObjectManagerImpl.assertClassPersistable(ObjectManagerImpl.java:3667)
[java] at org.datanucleus.ObjectManagerImpl.persistObjectInternal(ObjectManagerImpl.java:1150)
[java] at org.datanucleus.ObjectManagerImpl.persistObject(ObjectManagerImpl.java:1091)
[java] at org.datanucleus.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:666)
[java] at org.datanucleus.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:691)
[java] at org.apache.jdo.tck.api.persistencemanagerfactory.AbstractGetPMF.makePersistent(AbstractGetPMF.java:102)
[java] at org.apache.jdo.tck.api.persistencemanagerfactory.AbstractGetPMF.checkGetPMFWithValidProperties(AbstractGetPMF.java:142)
[java] at org.apache.jdo.tck.api.persistencemanagerfactory.GetPMFByFile.testValidGetPMF(GetPMFByFile.java:72)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[java] at org.apache.jdo.tck.JDO_Test.runBare(JDO_Test.java:259)
[java] at org.apache.jdo.tck.util.BatchTestRunner.doRun(BatchTestRunner.java:108)
[java] at org.apache.jdo.tck.util.BatchTestRunner.start(BatchTestRunner.java:148)
[java] at org.apache.jdo.tck.util.BatchTestRunner.main(BatchTestRunner.java:123)
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613526#action_12613526 ]
Andy Jefferson commented on JDO-555:
------------------------------------
Craig,
I know I didn't include your patch as-is. I put AccessController around the calls to ClassMetaData/InterfaceMetaData.populate() which definitely uses reflection. Putting it around that block you selected would not have caught initialisation from persistence.xml etc (hence calls to reflective methods).
So my question is, what other DataNucleus call needs AccessController around it ? Is it ClassMetaData/InterfaceMetaData.initialise() ?
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613096#action_12613096 ]
Craig Russell commented on JDO-555:
-----------------------------------
The nightly works for the access controls on JDOImplHelper all right.
There's a similar issue in the StateManager. The call replaceStateManager also needs to be inside a doPrivileged block. Actually, any of the methods between makePersistent and replaceStateManager can be called in doPrivileged and you'll be ok. The closer to the checkPermission and the faster the security check is, of course.
[java] NestedThrowablesStackTrace:
[java] java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission setStateManager)
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
[java] at java.security.AccessController.checkPermission(AccessController.java:427)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java] at org.apache.jdo.tck.pc.mylib.PCPoint.jdoReplaceStateManager(PCPoint.java)
[java] at org.datanucleus.state.JDOStateManagerImpl.replaceStateManager(JDOStateManagerImpl.java:961)
[java] at org.datanucleus.state.JDOStateManagerImpl.initialiseForPersistentNew(JDOStateManagerImpl.java:409)
[java] at org.datanucleus.state.StateManagerFactory.newStateManagerForPersistentNew(StateManagerFactory.java:153)
[java] at org.datanucleus.ObjectManagerImpl.persistObjectInternal(ObjectManagerImpl.java:1245)
[java] at org.datanucleus.ObjectManagerImpl.persistObject(ObjectManagerImpl.java:1091)
[java] at org.datanucleus.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:666)
[java] at org.datanucleus.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:691)
private void replaceStateManager(StateManager sm)
Here's a patch to try:
945 {
946 try
947 {
AccessController.doPrivileged(
new PrivilegedAction () {
public Object run () {
948 myPC.jdoReplaceStateManager(sm);
return null;
}
}
);
949 }
950 catch (SecurityException e)
951 {
952 throw new JDOFatalUserException(LOCALISER.msg("026000"), e);
953 }
954 }
955
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: jdo-555.patch
This is a pretty big patch, as it changes JDOHelper quite a bit to improve readability. With the changes in this patch, all of the tck tests pass on the latest JPOX snapshot.
Changes in this patch include added tests for jdoconfig.xml configuration and added tests for JDOHelperConfigTest for the new Map, Map APIs.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Craig Russell
> Fix For: JDO 2 maintenance release 1
>
> Attachments: jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: jdo-555.patch
Please review this patch. I think I've got all the methods that require permissions.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Fix For: JDO 2 maintenance release 1
>
> Attachments: jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Andy Jefferson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614966#action_12614966 ]
Andy Jefferson commented on JDO-555:
------------------------------------
Class loading of HashMap is not now present in DataNucleus SVN.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: datanucleus.patch
This patch is for datanucleus core. It adds required doPrivileged blocks around code that accesses metadata by reflection; and around code that calls jdoReplaceStateManager.
There might be a better place for the doPrivileged blocks in metadata but this seems to be a single point of access into the metadata code.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell reassigned JDO-555:
---------------------------------
Assignee: Andy Jefferson (was: Craig Russell)
There's still a bit of work to do to make sure that the TCK can run with a security manager.
Right now, running just the pmf tests with security manager results in errors because DataNucleus doesn't encapsulate its calls to JDOImplHelper.getInstance() in doPrivileged.
Here's the command line to invoke the pmf tests with a security manager:
maven -o -Djdo.tck.cfglist=pmf.conf -Djdo.tck.identitytypes=datastoreidentity -Djdo.tck.security runtck.jdori
Here's part of the output:
Caused by: java.security.AccessControlException: access denied (javax.jdo.spi.JDOPermission getMetadata)
[java] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
[java] at java.security.AccessController.checkPermission(AccessController.java:427)
[java] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[java] at javax.jdo.spi.JDOImplHelper.getInstance(JDOImplHelper.java:146)
[java] at org.datanucleus.metadata.MetaDataManager.<init>(MetaDataManager.java:158)
[java] at org.datanucleus.jdo.metadata.JDOMetaDataManager.<init>(JDOMetaDataManager.java:106)
This is an example of the code needed.
/** Get the JDOImplHelper instance
* This must be done in a doPrivileged block.
*/
public static JDOImplHelper getJDOImplHelper() {
return (JDOImplHelper) AccessController.doPrivileged(
new PrivilegedAction () {
public Object run () {
return JDOImplHelper.getInstance();
}
}
);
}
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: datanucleus.patch
The changes in svn didn't include these changes to MetaDataManager.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Craig Russell updated JDO-555:
------------------------------
Attachment: xmlbean.patch
This patch adds doPrivileged to calls to spring bean processing.
The method getBean is the method that is invoked in doPrivileged. The same method is used in QueryTest and in CompletenessTest. It might appear in other places in the tck as well.
So, should we put getBean into JDO_Test? Create a new subclass of JDO_Test that would be inherited by QueryTest and CompletenessTest? I don't like the duplication of the method in two places.
Another issue is the treatment of the root list. In QueryTest, two different class implementations both use the same pattern: call the root list bean "root". This patch assumes that getRootList which has no actual common implementation between the MylibReader and CompanyReader, simply returns the xml bean called "root". We could also create a common BeanReader class that both MylibReader and CompanyReader inherit.
Suggestions?
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614817#action_12614817 ]
Craig Russell commented on JDO-555:
-----------------------------------
The ROF class still has the issue. This code (appears in two places) is problematic.
if (cls != null && cls.getName().equals("java.util.Map"))
{
// Spec 14.6.12 If user specifies java.util.Map, then impl chooses its own implementation Map class
try
{
tmpClass = Class.forName("java.util.HashMap", true, cls.getClassLoader());
}
catch (ClassNotFoundException cnfe)
{
tmpClass = cls;
}
}
else
{
tmpClass = cls;
}
I think the line
tmpClass = Class.forName("java.util.HashMap", true, cls.getClassLoader());
needs to be wrapped in a doPrivileged block, or a simpler implementation, e.g.
tmpClass = Class.forName("java.util.HashMap");
It's not obvious to me that we need to cater for a different java.util.HashMap class in the user's classpath instead of the implementation's classpath.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (JDO-555) All calls to Class.getMethod and
Method.invoke (among others) need to be invoked inside a doPrivileged
block.
Posted by "Craig Russell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12613135#action_12613135 ]
Craig Russell commented on JDO-555:
-----------------------------------
svn commit -m "JDO-555 Change pmf.close to closePMF."
Sending /Users/clr/apache/jdo/trunk/tck2/src/java/org/apache/jdo/tck/api/persistencemanagerfactory/config/JDOConfigListener.java
Transmitting file data .
Committed revision 676244.
> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Fix For: JDO 2 maintenance release 2
>
> Attachments: jdo-555.patch, jdo-555.patch, jdo-555.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.