Posted to commits@openjpa.apache.org by mi...@apache.org on 2007/07/03 23:55:33 UTC
svn commit: r552996 [3/3] - in /openjpa/trunk: ./
openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/
openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/conf/
openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/
openjpa-jdbc/src/main/java/org/a...
Added: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java?view=auto&rev=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java (added)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java Tue Jul 3 14:55:29 2007
@@ -0,0 +1,622 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.openjpa.lib.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import serp.bytecode.BCClass;
+import serp.bytecode.Code;
+
+/**
+ * Helper class to obtain the Privilege(Exception)Action object to perform
+ * Java 2 doPrivilege security sensitive function call in the following
+ * methods:
+ * <ul>
+ * <li>Class.getClassLoader
+ * <li>Class.getDeclaredField
+ * <li>Class.getDeclaredFields
+ * <li>Class.getDeclaredMethod
+ * <li>Class.getDeclaredMethods
+ * <li>Class.getResource
+ * <li>Class.newInstance
+ * <li>ClassLoader.getParent
+ * <li>ClassLoader.getResource
+ * <li>ClassLoader.getResources
+ * <li>ClassLoader.getSystemClassLoader
+ * <li>File.exists
+ * <li>File.getAbsolutePath
+ * <li>File.getCanonicalPath
+ * <li>File.length
+ * <li>File.mkdirs
+ * <li>File.renameTo
+ * <li>FileInputStream new
+ * <li>FileOutputStream new
+ * <li>System.getProperties
+ * <li>System.getProperty
+ * <li>Thread.getContextClassLoader
+ * <li>URL.openStream
+ * <li>URLConnection.getContent
+ * <li>serp.bytecode.Code new
+ * <li>serp.bytecode.BCClass.isInstanceOf
+ * </ul>
+ *
+ * If these methods are used, the following sample usage patterns should be
+ * followed to ensure proper privilege is granted:
+ * <xmp>
+ * 1) No security risk method call. E.g.
+ *
+ * private static final String SEP = J2DoPrivHelper.getLineSeparator();
+ *
+ * 2) Methods with no exception thrown. PrivilegedAction is returned from
+ * J2DoPrivHelper.*Action(). E.g.
+ *
+ * ClassLoader loader = (ClassLoader)AccessController.doPrivileged(
+ * J2DoPrivHelper.getClassLoaderAction( clazz ));
+ *
+ * ClassLoader loader = (ClassLoader) (System.getSecurityManager() == null)
+ * ? clazz.getClassLoader()
+ * : AccessController.doPrivileged(
+ * J2DoPrivHelper.getClassLoaderAction( clazz ));
+ * 3) Methods with exception thrown. PrivilegedExceptionAction is returned
+ * from J2DoPrivHelper.*Action(). E.g.
+ *
+ * try {
+ * method = (Method) AccessController.doPrivileged(
+ * J2DoPrivHelper.getDeclaredMethodAction(clazz, name, parameterType));
+ * } catch( PrivilegedActionException pae ) {
+ * throw (NoSuchMethodException)pae.getException();
+ * }
+ *
+ * try {
+ * method = ( System.getSecurityManager() == null )
+ * ? clazz.getDeclaredMethod(name,parameterType)
+ * : (Method) AccessController.doPrivileged(
+ * J2DoPrivHelper.getDeclaredMethodAction(
+ * clazz, name, parameterType));
+ * } catch( PrivilegedActionException pae ) {
+ * throw (NoSuchMethodException)pae.getException()
+ * }
+ * </xmp>
+ * @author Albert Lee
+ */
+
+public abstract class J2DoPrivHelper {
+ private static String lineSeparator = null;
+ private static String pathSeparator = null;
+
+ /**
+ * Return the value of the "line.separator" system property.
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ */
+ public static final String getLineSeparator() {
+ if (lineSeparator == null) {
+ lineSeparator = (String) AccessController
+ .doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty("line.separator");
+ }
+ });
+ }
+ return lineSeparator;
+ }
+
+ /**
+ * Return the value of the "path.separator" system property.
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ */
+ public static final String getPathSeparator() {
+ if (pathSeparator == null) {
+ pathSeparator = (String) AccessController
+ .doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty("path.separator");
+ }
+ });
+ }
+ return pathSeparator;
+ }
+
+ /**
+ * Return a PrivilegeAction object for clazz.getClassloader().
+ *
+ * Notes: No doPrivilege wrapping is required in the caller if:
+ * "the caller's class loader is not null and the caller's class loader
+ * is not the same as or an ancestor of the class loader for the class
+ * whose class loader is requested". E.g.
+ *
+ * this.getClass().getClassLoader();
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return Classloader
+ */
+ public static final PrivilegedAction getClassLoaderAction(
+ final Class clazz) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return clazz.getClassLoader();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for clazz.getDeclaredField().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
+ *
+ * @return Field
+ * @exception NoSuchFieldException
+ */
+ public static final PrivilegedExceptionAction getDeclaredFieldAction(
+ final Class clazz, final String name) {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws NoSuchFieldException {
+ return clazz.getDeclaredField(name);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for class.getDeclaredFields().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
+ *
+ * @return Field[]
+ */
+ public static final PrivilegedAction getDeclaredFieldsAction(
+ final Class clazz) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return clazz.getDeclaredFields();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for clazz.getDeclaredMethod().
+ *
+ * Requires security policy
+ * 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
+ *
+ * @return Method
+ * @exception NoSuchMethodException
+ */
+ public static final PrivilegedExceptionAction getDeclaredMethodAction(
+ final Class clazz, final String name, final Class[] parameterTypes) {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws NoSuchMethodException {
+ return clazz.getDeclaredMethod(name, parameterTypes);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for clazz.getDeclaredMethods().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "accessDeclaredMembers";'
+ *
+ * @return Method[]
+ */
+ public static final PrivilegedAction getDeclaredMethodsAction(
+ final Class clazz) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return clazz.getDeclaredMethods();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for clazz.getResource().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return URL
+ */
+ public static final PrivilegedAction getResourceAction(
+ final Class clazz, final String resource) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return clazz.getResource(resource);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for clazz.newInstance().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return Object
+ * @exception IllegalAccessException
+ * @exception InstantiationException
+ */
+ public static final PrivilegedExceptionAction newInstanceAction(
+ final Class clazz) throws IllegalAccessException,
+ InstantiationException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws IllegalAccessException,
+ InstantiationException {
+ return clazz.newInstance();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for loader.getParent().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return ClassLoader
+ */
+ public static final PrivilegedAction getParentAction(
+ final ClassLoader loader) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return loader.getParent();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for loader.getResource().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return URL
+ */
+ public static final PrivilegedAction getResourceAction(
+ final ClassLoader loader, final String resource) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return loader.getResource(resource);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for loader.getResources().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return Enumeration
+ * @exception IOException
+ */
+ public static final PrivilegedExceptionAction getResourcesAction(
+ final ClassLoader loader, final String resource) throws IOException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws IOException {
+ return loader.getResources(resource);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for ClassLoader.getSystemClassLoader().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return ClassLoader
+ */
+ public static final PrivilegedAction getSystemClassLoaderAction() {
+ return new PrivilegedAction() {
+ public Object run() {
+ return ClassLoader.getSystemClassLoader();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for f.exists().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return Boolean
+ */
+ public static final PrivilegedAction existsAction(final File f) {
+ return new PrivilegedAction() {
+ public Object run() {
+ try {
+ return f.exists() ? Boolean.TRUE : Boolean.FALSE;
+ } catch (NullPointerException npe) {
+ return Boolean.FALSE;
+ }
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for f.getAbsolutePath().
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ *
+ * @return String
+ */
+ public static final PrivilegedAction getAbsolutePathAction(final File f) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return f.getAbsolutePath();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for f.getCanonicalPath().
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ *
+ * @return String
+ * @exception IOException
+ */
+ public static final PrivilegedExceptionAction getCanonicalPathAction(
+ final File f) throws IOException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws IOException {
+ return f.getCanonicalPath();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for f.length().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return Long
+ */
+ public static final PrivilegedAction lengthAction(final File f) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return new Long( f.length() );
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for f.mkdirs().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "write";'
+ *
+ * @return Boolean
+ */
+ public static final PrivilegedAction mkdirsAction(final File f) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return f.mkdirs() ? Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for f.renameTo().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "write";'
+ *
+ * @return Boolean
+ */
+ public static final PrivilegedAction renameToAction(final File from,
+ final File to) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return from.renameTo(to) ? Boolean.TRUE : Boolean.FALSE;
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for new FileInputStream().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return FileInputStream
+ * @throws FileNotFoundException
+ */
+ public static final PrivilegedExceptionAction newFileInputStreamAction(
+ final File f) throws FileNotFoundException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(f);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for new FileOutputStream().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "write";'
+ *
+ * @return FileOutputStream
+ * @throws FileNotFoundException
+ */
+ public static final PrivilegedExceptionAction newFileOutputStreamAction(
+ final File f) throws FileNotFoundException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileOutputStream(f);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for new FileOutputStream().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "write";'
+ *
+ * @return FileOutputStream
+ * @throws FileNotFoundException
+ */
+ public static final PrivilegedExceptionAction newFileOutputStreamAction(
+ final String f, final boolean append) throws FileNotFoundException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileOutputStream(f, append);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for System.getProperties().
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ *
+ * @return Properties
+ */
+ public static final PrivilegedAction getPropertiesAction() {
+ return new PrivilegedAction() {
+ public Object run() {
+ return System.getProperties();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for System.getProperty().
+ *
+ * Requires security policy:
+ * 'permission java.util.PropertyPermission "read";'
+ *
+ * @return String
+ */
+ public static final PrivilegedAction getPropertyAction(final String name) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(name);
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for Thread.currentThread
+ * .getContextClassLoader().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return ClassLoader
+ */
+ public static final PrivilegedAction getContextClassLoaderAction() {
+ return new PrivilegedAction() {
+ public Object run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object for url.openStream().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return InputStream
+ * @throws IOException
+ */
+ public static final PrivilegedExceptionAction openStreamAction(
+ final URL url) throws IOException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws IOException {
+ return url.openStream();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegedExceptionAction object con.getContent().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return Object
+ * @throws IOException
+ */
+ public static final PrivilegedExceptionAction getContentAction(
+ final URLConnection con) throws IOException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws IOException {
+ return con.getContent();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for new serp.bytecode.Code().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return serp.bytecode.Code
+ */
+ public static final PrivilegedAction newCodeAction() {
+ return new PrivilegedAction() {
+ public Object run() {
+ return new Code();
+ }
+ };
+ }
+
+ /**
+ * Return a PrivilegeAction object for bcClass.isInstanceOf().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return Boolean
+ */
+ public static final PrivilegedAction isInstanceOfAction(
+ final BCClass bcClass, final Class clazz) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return bcClass.isInstanceOf(clazz) ? Boolean.TRUE
+ : Boolean.FALSE;
+ }
+ };
+ }
+}
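Review bot: The class Javadoc's usage patterns never say which arguments are safe to pass. Every factory here is public and forwards its arguments unchecked into the privileged operation (`System.getProperty(name)`, `new FileOutputStream(f, append)`, `clazz.newInstance()`), so a call site that wraps one in `doPrivileged` with a value taken from its own caller performs that operation with OpenJPA's permissions on the caller's behalf. I would add a paragraph to the class comment along the lines of `Only pass arguments that OpenJPA itself chose or has validated; an action built from a caller-supplied name, path or class runs with OpenJPA's permissions, not the caller's.` Separately, the `throws` clauses on `newInstanceAction`, `getResourcesAction`, `getCanonicalPathAction`, `newFileInputStreamAction`, both `newFileOutputStreamAction` overloads, `openStreamAction` and `getContentAction` can be dropped. The factory only constructs the action, and the exception surfaces from `run()` wrapped in `PrivilegedActionException`, as `getDeclaredFieldAction` and `getDeclaredMethodAction` already reflect.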
Propchange: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java Tue Jul 3 14:55:29 2007
@@ -20,6 +20,7 @@
import java.lang.reflect.Field;
import java.lang.reflect.Method;
+import java.security.AccessController;
/**
* Utilities for dealing with different Java spec versions.
@@ -45,7 +46,8 @@
private static Method INIT_CAUSE = null;
static {
- String specVersion = System.getProperty("java.specification.version");
+ String specVersion = (String)AccessController.doPrivileged(
+ J2DoPrivHelper.getPropertyAction("java.specification.version"));
if ("1.2".equals(specVersion))
VERSION = 2;
else if ("1.3".equals(specVersion))
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java Tue Jul 3 14:55:29 2007
@@ -18,6 +18,7 @@
*/
package org.apache.openjpa.lib.util;
+import java.security.AccessController;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
@@ -99,7 +100,8 @@
return loc;
else {
loc = new Localizer(pkg, file, locale,
- cls == null ? null : cls.getClassLoader());
+ cls == null ? null:(ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getClassLoaderAction(cls)));
_localizers.put(key, loc);
return loc;
}
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java Tue Jul 3 14:55:29 2007
@@ -20,6 +20,8 @@
import java.io.IOException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
@@ -46,7 +48,8 @@
* The standard system class loader.
*/
public static final ClassLoader SYSTEM_LOADER =
- ClassLoader.getSystemClassLoader();
+ (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getSystemClassLoaderAction());
private List _loaders = new ArrayList(5);
@@ -82,7 +85,8 @@
for (int i = 0; i < loaders.length; i++) {
loader = (ClassLoader) itr.next();
if (loader == THREAD_LOADER)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
loaders[i] = loader;
}
return loaders;
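Review bot: The context class loader fetched under `doPrivileged` is handed straight back to the caller through `return loaders;`, and the next hunk does the same in `public ClassLoader getClassLoader(int index)`. Before this change, `Thread.getContextClassLoader()` could apply its own `RuntimePermission("getClassLoader")` check to the calling stack; now the lookup is performed with OpenJPA's permissions, so code holding a MultiClassLoader may receive a loader it could not obtain itself. If that is intended, say so in the Javadoc of both methods, for example `The thread loader is resolved with OpenJPA's privileges; do not hand this MultiClassLoader to code that lacks RuntimePermission("getClassLoader").` The enclosing method starts outside this hunk, so its visibility is inferred from the sibling method.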
@@ -94,7 +98,8 @@
public ClassLoader getClassLoader(int index) {
ClassLoader loader = (ClassLoader) _loaders.get(index);
if (loader == THREAD_LOADER)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
return loader;
}
@@ -201,7 +206,8 @@
for (Iterator itr = _loaders.iterator(); itr.hasNext();) {
loader = (ClassLoader) itr.next();
if (loader == THREAD_LOADER)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
try {
return Class.forName(name, false, loader);
} catch (Throwable t) {
@@ -216,12 +222,14 @@
for (Iterator itr = _loaders.iterator(); itr.hasNext();) {
loader = (ClassLoader) itr.next();
if (loader == THREAD_LOADER)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
if (loader == null) // skip
continue;
- rsrc = loader.getResource(name);
+ rsrc = (URL)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourceAction(loader, name));
if (rsrc != null)
return rsrc;
}
@@ -236,14 +244,21 @@
for (Iterator itr = _loaders.iterator(); itr.hasNext();) {
loader = (ClassLoader) itr.next();
if (loader == THREAD_LOADER)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
+
- rsrcs = loader.getResources(name);
- while (rsrcs.hasMoreElements()) {
- rsrc = rsrcs.nextElement();
- if (!all.contains(rsrc))
- all.addElement(rsrc);
- }
+ try {
+ rsrcs = (Enumeration)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourcesAction(loader, name));
+ while (rsrcs.hasMoreElements()) {
+ rsrc = rsrcs.nextElement();
+ if (!all.contains(rsrc))
+ all.addElement(rsrc);
+ }
+ } catch( PrivilegedActionException pae ) {
+ throw (IOException)pae.getException();
+ }
}
return all.elements();
}
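Review bot: A null context class loader can reach `getResourcesAction(loader, name)` here, because this loop has no `if (loader == null) continue;` guard like the one the preceding hunk keeps before `getResourceAction`. The resulting NullPointerException is raised inside `run()` and, being unchecked, is not wrapped, so it bypasses the new `catch( PrivilegedActionException pae )`. Adding `if (loader == null) continue;` before the `try` would make the two lookups behave the same. The `try` could also cover only the `doPrivileged` call, since the `while` loop cannot throw `PrivilegedActionException`. The enclosing method starts outside the hunk.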
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java Tue Jul 3 14:55:29 2007
@@ -22,6 +22,8 @@
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
@@ -31,6 +33,7 @@
import java.util.TreeSet;
import org.apache.commons.lang.StringUtils;
+
import serp.util.Strings;
/**
@@ -363,7 +366,12 @@
// inner instance and set it in object
if (inner == null && setter != null) {
Class innerType = getType(setter)[0];
- inner = innerType.newInstance();
+ try {
+ inner = AccessController.doPrivileged(
+ J2DoPrivHelper.newInstanceAction(innerType));
+ } catch( PrivilegedActionException pae ) {
+ throw pae.getException();
+ }
invoke(match[0], setter, new Object[]{ inner });
}
match[0] = inner;
@@ -444,7 +452,12 @@
}
if (!type.isAssignableFrom(subType))
throw err;
- return subType.newInstance();
+ try {
+ return AccessController.doPrivileged(
+ J2DoPrivHelper.newInstanceAction(subType));
+ } catch( PrivilegedActionException pae ) {
+ throw pae.getException();
+ }
}
/**
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java Tue Jul 3 14:55:29 2007
@@ -29,6 +29,7 @@
import java.io.OutputStreamWriter;
import java.io.Reader;
import java.io.Writer;
+import java.security.AccessController;
import java.util.HashMap;
import java.util.Map;
@@ -45,7 +46,7 @@
*/
public class ParameterTemplate {
- private static final String SEP = System.getProperty("line.separator");
+ private static final String SEP = J2DoPrivHelper.getLineSeparator();
private final StringBuffer _buf = new StringBuffer();
private final Map _params = new HashMap();
@@ -210,7 +211,8 @@
if (_params.containsKey(param.toString()))
copy.append(_params.get(param.toString()));
else
- copy.append(System.getProperty(param.toString()));
+ copy.append((String)AccessController.doPrivileged(
+ J2DoPrivHelper.getPropertyAction(param.toString())));
param = null;
} else if (param != null)
param.append(ch);
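Review bot: The name given to `getPropertyAction(param.toString())` is parsed out of the template text, so any parameter not found in `_params` is now read as a system property with OpenJPA's permissions instead of the caller's. If templates can be supplied or influenced by less-trusted code (not visible from this hunk), that lets a template read properties its author could not read directly. Either keep this one lookup unprivileged, `copy.append(System.getProperty(param.toString()));`, so the caller's own `PropertyPermission` decides, or document on the class that template sources must be trusted. The fixed-name `SEP` change in the previous hunk does not have this problem. The enclosing method starts outside the hunk.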
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java Tue Jul 3 14:55:29 2007
@@ -23,6 +23,7 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
@@ -84,11 +85,13 @@
public static String[] getImplementors(String serviceName,
ClassLoader loader) {
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
try {
Set resourceList = new TreeSet();
- Enumeration resources = loader.getResources(PREFIX + serviceName);
+ Enumeration resources = (Enumeration)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourcesAction(loader, PREFIX + serviceName));
while (resources.hasMoreElements())
addResources((URL) resources.nextElement(), resourceList);
@@ -175,7 +178,8 @@
public static Class[] getImplementorClasses(String serviceName,
ClassLoader loader, boolean skipMissing) throws ClassNotFoundException {
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
String[] names = getImplementors(serviceName, loader);
if (names == null)
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java Tue Jul 3 14:55:29 2007
@@ -20,6 +20,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.AccessController;
import java.util.Locale;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
@@ -37,7 +38,8 @@
ClassLoader loader) {
String rsrc = name.replace('.', '/') + ".properties";
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
InputStream in = loader.getResourceAsStream(rsrc);
if (in != null) {
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java Tue Jul 3 14:55:29 2007
@@ -21,6 +21,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.AccessController;
import serp.bytecode.lowlevel.ConstantPoolTable;
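Review bot: `import java.security.AccessController;` is the only line this commit changes in TemporaryClassLoader.java, so nothing in the file appears to use it unless an existing line already named the class. Drop the import, or add the `doPrivileged` call it was meant for in the same commit. An unused `AccessController` import in a class loader suggests to later readers that some resource access here is already privileged when it is not.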
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java Tue Jul 3 14:55:29 2007
@@ -20,6 +20,7 @@
import java.io.IOException;
import java.io.InputStream;
+import java.security.AccessController;
import java.util.Locale;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
@@ -39,7 +40,8 @@
ClassLoader loader) {
String rsrc = name.replace('.', '/') + ".properties";
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
InputStream in = loader.getResourceAsStream(rsrc);
if (in == null)
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java Tue Jul 3 14:55:29 2007
@@ -31,6 +31,8 @@
import java.util.Collection;
import java.util.Iterator;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
+
/**
* This class groups together the functionality of java.util.concurrent that
* cannot be fully and reliably implemented in backport, but for which some
@@ -53,15 +55,12 @@
static {
NanoTimer timer = null;
try {
- String nanoTimerClassName = (String)
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- return System.getProperty(providerProp);
- }
- });
+ String nanoTimerClassName = (String)AccessController.doPrivileged(
+ J2DoPrivHelper.getPropertyAction(providerProp));
if (nanoTimerClassName != null) {
Class cls = Class.forName(nanoTimerClassName);
- timer = (NanoTimer) cls.newInstance();
+ timer = (NanoTimer) AccessController.doPrivileged(
+ J2DoPrivHelper.newInstanceAction(cls));
}
} catch (Exception e) {
System.err.println(
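Review bot: In the static initializer, `Class.forName(nanoTimerClassName)` followed by `newInstanceAction(cls)` runs the static initializer and constructor of whatever class the system property names before the `(NanoTimer)` cast verifies its type. Load the class without initializing it and check the type first: `Class cls = Class.forName(nanoTimerClassName, false, Utils.class.getClassLoader());` then `if (!NanoTimer.class.isAssignableFrom(cls)) throw new ClassCastException(nanoTimerClassName);`. The existing `catch (Exception e)` would report that like any other failure. The static block continues past the end of the hunk.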
Modified: openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java (original)
+++ openjpa/trunk/openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java Tue Jul 3 14:55:29 2007
@@ -22,6 +22,8 @@
import java.io.IOException;
import java.io.Writer;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
+
/**
* The XMLWriter is a writer type for pretty-printing XML.
* It assumes that the streamed XML will be given without any whitespace,
@@ -32,7 +34,7 @@
*/
public class XMLWriter extends FilterWriter {
- private static String _endl = System.getProperty("line.separator");
+ private static String _endl = J2DoPrivHelper.getLineSeparator();
private int _lastChar = ' ';
private int _lastChar2 = ' ';
Modified: openjpa/trunk/openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java (original)
+++ openjpa/trunk/openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java Tue Jul 3 14:55:29 2007
@@ -18,6 +18,7 @@
*/
package org.apache.openjpa.persistence.jdbc;
+import java.security.AccessController;
import java.util.Map;
import org.apache.openjpa.conf.OpenJPAConfiguration;
@@ -26,6 +27,7 @@
import org.apache.openjpa.jdbc.kernel.JDBCStoreManager;
import org.apache.openjpa.lib.conf.AbstractProductDerivation;
import org.apache.openjpa.lib.conf.Configuration;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.persistence.FetchPlan;
import org.apache.openjpa.persistence.PersistenceProductDerivation;
@@ -50,7 +52,8 @@
public void validate()
throws Exception {
// make sure JPA is available
- javax.persistence.EntityManagerFactory.class.getClassLoader();
+ AccessController.doPrivileged(J2DoPrivHelper.getClassLoaderAction(
+ javax.persistence.EntityManagerFactory.class));
}
@Override
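Review bot: In `validate()`, the value returned by the privileged `getClassLoaderAction` call is discarded, so the `// make sure JPA is available` check actually rests on resolving the class literal, not on the loader lookup. A comment should say so, e.g. `// evaluating the class literal fails if the JPA API is missing; the loader itself is unused`. The same applies to the identical hunk in `PersistenceProductDerivation.validate()`. A missing API would presumably surface as a `NoClassDefFoundError`, which the declared `throws Exception` does not describe.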
Added: openjpa/trunk/openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy?view=auto&rev=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy (added)
+++ openjpa/trunk/openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy Tue Jul 3 14:55:29 2007
@@ -0,0 +1,82 @@
+// Default Java 2 security policy required by OpenJPA.
+
+// ================================================================
+// The following permissions are needed to invoke the 'test' target in OpenJPA maven build.
+
+grant CodeBase "file:///${user.home}/.m2/repository/org/apache/derby/derby/-" {
+
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.util.PropertyPermission "derby.*", "read";
+};
+
+grant CodeBase "file:///${test.basedir}/-" {
+
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+ permission java.io.SerializablePermission "enableSubstitution";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "setIO";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.util.PropertyPermission "*", "read,write";
+};
+
+grant CodeBase "file:///${user.home}/.m2/repository/-" {
+
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+ permission java.io.SerializablePermission "enableSubstitution";
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "setIO";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ permission java.util.PropertyPermission "*", "read,write";
+};
+
+
+// ================================================================
+// The following permissions are required by OpenJPA implementation.
+grant CodeBase "${application}/openjpa-1.0.0-SNAPSHOT.jar" {
+
+ // class.getClassLoader()
+ // thread.getContextClassLoader()
+ // classloader.getParent()
+ // classloader.getSystemClassLoader()
+ // new serp.bytecode.Code()
+ // serp.bytecode.BCClass.isInstanceOf()
+ // class.newInstance()
+ //
+ permission java.lang.RuntimePermission "getClassLoader";
+
+ // urlConnection.getContext()
+ // url.openStream()
+ // classloader.getResource()
+ // classloader.getResources()
+ // new FileInputStream()
+ // file.exists()
+ //
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+
+ // file.mkdirs()
+ // file.renameTo()
+ // new FileOutputStream()
+ //
+ permission java.io.FilePermission "<<ALL FILES>>", "write";
+
+ // class.getDeclaredField()
+ // class.getDeclaredFields()
+ // class.getDeclaredMethod()
+ // class.getDeclaredMethods()
+ //
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+
+ // System.getProperty()
+ // System.getPrperties()
+ // File.getAbsolutePath()
+ // File.getCanonicalPath()
+ //
+ permission java.util.PropertyPermission "*", "read";
+};
+
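Review bot: The grant for `${application}/openjpa-1.0.0-SNAPSHOT.jar` is probably never in effect during the test run: the `enable-security` profile added to pom.xml in this commit passes only `-Dtest.basedir`, and the policy parser ignores a grant entry whose property cannot be expanded. The code under test then runs with the much wider `${test.basedir}/-` and `.m2/repository/-` grants (`suppressAccessChecks`, `createClassLoader`, `PropertyPermission "*", "read,write"`), so a passing build does not show that the permission list in the OpenJPA block is sufficient. Define the property in the profile, for example `-Dapplication=file:///<dir containing the OpenJPA jar>` (placeholder), and cut the test grants down to what the test harness itself needs. The header comment should say this is a test policy. `FilePermission "<<ALL FILES>>"` for read and write in the OpenJPA block is worth narrowing to the directories OpenJPA actually uses, since every `doPrivileged` wrapper in this commit asserts that grant on behalf of its callers.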
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java Tue Jul 3 14:55:29 2007
@@ -28,6 +28,7 @@
import java.lang.reflect.Modifier;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -86,6 +87,7 @@
import org.apache.openjpa.kernel.jpql.JPQLParser;
import org.apache.openjpa.lib.conf.Configurations;
import org.apache.openjpa.lib.log.Log;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.meta.ClassMetaData;
import org.apache.openjpa.meta.DelegatingMetaDataFactory;
@@ -659,14 +661,18 @@
cls = cls.getEnclosingClass();
String rsrc = StringUtils.replace(cls.getName(), ".", "/");
- ClassLoader loader = cls.getClassLoader();
+ ClassLoader loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getClassLoaderAction(cls));
if (loader == null)
- loader = ClassLoader.getSystemClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getSystemClassLoaderAction());
if (loader == null)
return null;
- URL url = loader.getResource(rsrc + ".java");
+ URL url = (URL)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourceAction(loader, rsrc + ".java"));
if (url == null) {
- url = loader.getResource(rsrc + ".class");
+ url = (URL)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourceAction(loader, rsrc + ".class"));
if (url == null)
return null;
}
@@ -750,7 +756,9 @@
else
meta.setDetachedState(detached.fieldName());
} else {
- Field[] fields = meta.getDescribedType().getDeclaredFields();
+ Field[] fields = (Field[])AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredFieldsAction(
+ meta.getDescribedType()));
for (int i = 0; i < fields.length; i++)
if (fields[i].isAnnotationPresent(DetachedState.class))
meta.setDetachedState(fields[i].getName());
@@ -790,7 +798,8 @@
MethodKey key;
Set<MethodKey> seen = new HashSet<MethodKey>();
do {
- for (Method m : sup.getDeclaredMethods()) {
+ for (Method m : (Method[])AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredMethodsAction( sup ))) {
mods = m.getModifiers();
if (Modifier.isStatic(mods) || Modifier.isFinal(mods) ||
Object.class.equals(m.getDeclaringClass()))
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java Tue Jul 3 14:55:29 2007
@@ -25,6 +25,7 @@
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.security.AccessController;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -47,6 +48,7 @@
import javax.persistence.Transient;
import org.apache.commons.lang.StringUtils;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.meta.AbstractMetaDataDefaults;
import org.apache.openjpa.meta.ClassMetaData;
@@ -250,9 +252,11 @@
return ClassMetaData.ACCESS_UNKNOWN;
int access = 0;
- if (usesAccess(cls.getDeclaredFields()))
+ if (usesAccess((Field[])AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredFieldsAction( cls ))))
access |= ClassMetaData.ACCESS_FIELD;
- if (usesAccess(cls.getDeclaredMethods()))
+ if (usesAccess((Method[])AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredMethodsAction( cls ))))
access |= ClassMetaData.ACCESS_PROPERTY;
return (access == 0) ? getAccessType(cls.getSuperclass()) : access;
}
@@ -285,9 +289,11 @@
if (member instanceof Method) {
try {
// check for setters for methods
- Method setter = meta.getDescribedType().getDeclaredMethod("set"
- + StringUtils.capitalize(name), new Class[] {
- ((Method) member).getReturnType() });
+ Method setter = (Method) AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredMethodAction(
+ meta.getDescribedType(), "set" +
+ StringUtils.capitalize(name), new Class[] {
+ ((Method) member).getReturnType() }));
if (setter == null)
return false;
} catch (Exception e) {
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java Tue Jul 3 14:55:29 2007
@@ -21,6 +21,7 @@
import java.io.File;
import java.io.IOException;
import java.net.URL;
+import java.security.AccessController;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -45,6 +46,7 @@
import org.apache.openjpa.lib.meta.ClassArgParser;
import org.apache.openjpa.lib.meta.MetaDataFilter;
import org.apache.openjpa.lib.meta.MetaDataParser;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.lib.util.Options;
import org.apache.openjpa.meta.AbstractCFMetaDataFactory;
@@ -438,10 +440,12 @@
private File defaultXMLFile() {
ClassLoader loader = repos.getConfiguration().
getClassResolverInstance().getClassLoader(getClass(), null);
- URL rsrc = loader.getResource("META-INF/orm.xml");
+ URL rsrc = (URL)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourceAction(loader, "META-INF/orm.xml"));
if (rsrc != null) {
File file = new File(rsrc.getFile());
- if (file.exists())
+ if (((Boolean)AccessController.doPrivileged(
+ J2DoPrivHelper.existsAction( file ))).booleanValue())
return file;
}
return new File("orm.xml");
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java Tue Jul 3 14:55:29 2007
@@ -21,6 +21,8 @@
import java.io.File;
import java.io.IOException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
@@ -42,6 +44,7 @@
import org.apache.openjpa.lib.conf.ProductDerivations;
import org.apache.openjpa.lib.log.Log;
import org.apache.openjpa.lib.meta.XMLMetaDataParser;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
@@ -84,7 +87,8 @@
public void validate()
throws Exception {
// make sure JPA is available
- javax.persistence.EntityManagerFactory.class.getClassLoader();
+ AccessController.doPrivileged(J2DoPrivHelper.getClassLoaderAction(
+ javax.persistence.EntityManagerFactory.class));
}
@Override
@@ -244,14 +248,23 @@
String name, Map m, ClassLoader loader, boolean explicit)
throws IOException {
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
- Enumeration<URL> urls = loader.getResources(rsrc);
- if (!urls.hasMoreElements()) {
- if (!rsrc.startsWith("META-INF"))
- urls = loader.getResources("META-INF/" + rsrc);
- if (!urls.hasMoreElements())
- return null;
+ Enumeration<URL> urls = null;
+ try {
+ urls = (Enumeration)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourcesAction(loader, rsrc));
+ if (!urls.hasMoreElements()) {
+ if (!rsrc.startsWith("META-INF"))
+ urls = (Enumeration)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourcesAction(
+ loader, "META-INF/" + rsrc));
+ if (!urls.hasMoreElements())
+ return null;
+ }
+ } catch( PrivilegedActionException pae ) {
+ throw (IOException)pae.getException();
}
ConfigurationParser parser = new ConfigurationParser(m);
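Review bot: `throw (IOException)pae.getException();` assumes the wrapped exception is always an `IOException`. That holds only while `J2DoPrivHelper.getResourcesAction` (not visible in this hunk) throws no other checked exception; otherwise the cast fails with a `ClassCastException` that hides the real cause. Either add a comment stating that invariant or guard the cast: `Exception cause = pae.getException();` `if (cause instanceof IOException) throw (IOException) cause;` `throw (IOException) new IOException(cause.toString()).initCause(cause);`. The enclosing method starts before the hunk.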
@@ -333,7 +346,8 @@
return true;
if (loader == null)
- loader = Thread.currentThread().getContextClassLoader();
+ loader = (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction());
try {
if (PersistenceProviderImpl.class.isAssignableFrom
(Class.forName(provider, false, loader)))
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java Tue Jul 3 14:55:29 2007
@@ -23,6 +23,7 @@
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -38,6 +39,7 @@
import org.apache.openjpa.lib.conf.Configurations;
import org.apache.openjpa.lib.conf.ProductDerivations;
import org.apache.openjpa.lib.meta.SourceTracker;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.lib.util.MultiClassLoader;
import org.apache.openjpa.lib.util.TemporaryClassLoader;
@@ -91,8 +93,9 @@
}
public ClassLoader getNewTempClassLoader() {
- return new TemporaryClassLoader(Thread.currentThread().
- getContextClassLoader());
+ return new TemporaryClassLoader(
+ (ClassLoader)AccessController.doPrivileged(
+ J2DoPrivHelper.getContextClassLoaderAction()));
}
public String getPersistenceUnitName() {
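Review bot: In `getNewTempClassLoader()`, only the context-loader lookup is inside the privileged action; `new TemporaryClassLoader(...)` runs outside it. Assuming `TemporaryClassLoader` extends `ClassLoader`, the constructor's `createClassLoader` check therefore still applies to every caller on the stack. The OpenJPA grant in `j2.security.test.policy` added by this commit does not list `createClassLoader` either. Decide whether the construction belongs in a privileged action of its own (with the permission added to that grant) or whether callers are expected to hold the permission, and record the choice in a comment, e.g. `// callers need RuntimePermission "createClassLoader"; only the loader lookup is privileged`.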
@@ -201,15 +204,17 @@
MultiClassLoader loader = new MultiClassLoader();
loader.addClassLoader(getClass().getClassLoader());
loader.addClassLoader(MultiClassLoader.THREAD_LOADER);
- URL url = loader.getResource(name);
+ URL url = (URL)AccessController.doPrivileged(
+ J2DoPrivHelper.getResourceAction(loader, name));
if (url != null) {
addJarFile(url);
return;
}
// jar file is not a resource; check classpath
- String[] cp = System.getProperty("java.class.path").
- split(System.getProperty("path.separator"));
+ String[] cp = ((String)AccessController.doPrivileged(
+ J2DoPrivHelper.getPropertyAction("java.class.path")))
+ .split(J2DoPrivHelper.getPathSeparator());
for (int i = 0; i < cp.length; i++) {
if (cp[i].equals(name)
|| cp[i].endsWith(File.separatorChar + name)) {
Modified: openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java (original)
+++ openjpa/trunk/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java Tue Jul 3 14:55:29 2007
@@ -21,6 +21,8 @@
import java.lang.reflect.Field;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumSet;
@@ -45,6 +47,7 @@
import org.apache.openjpa.lib.conf.Configurations;
import org.apache.openjpa.lib.log.Log;
import org.apache.openjpa.lib.meta.CFMetaDataParser;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.util.Localizer;
import org.apache.openjpa.meta.ClassMetaData;
import org.apache.openjpa.meta.DelegatingMetaDataFactory;
@@ -1096,22 +1099,29 @@
String cap = StringUtils.capitalize(name);
type = meta.getDescribedType();
try {
- member = type.getDeclaredMethod("get" + cap,
- (Class[]) null); // varargs disambiguate
+ member = (Method) AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredMethodAction(
+ type, "get" + cap,
+ (Class[]) null));// varargs disambiguate
} catch (Exception excep) {
try {
- member = type.getDeclaredMethod("is" + cap,
- (Class[]) null);
+ member = (Method) AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredMethodAction(
+ type, "is" + cap, (Class[]) null));
} catch (Exception excep2) {
throw excep;
}
}
type = ((Method) member).getReturnType();
} else {
- member = meta.getDescribedType().getDeclaredField(name);
+ member = (Field) AccessController.doPrivileged(
+ J2DoPrivHelper.getDeclaredFieldAction(
+ meta.getDescribedType(), name));
type = ((Field) member).getType();
}
} catch (Exception e) {
+ if (e instanceof PrivilegedActionException)
+ e = ((PrivilegedActionException)e).getException();
throw getException(_loc.get("invalid-attr", name, meta), e);
}
Modified: openjpa/trunk/openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java
URL: http://svn.apache.org/viewvc/openjpa/trunk/openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java (original)
+++ openjpa/trunk/openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java Tue Jul 3 14:55:29 2007
@@ -30,6 +30,7 @@
import java.lang.reflect.Constructor;
import java.math.BigDecimal;
import java.math.BigInteger;
+import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -45,6 +46,7 @@
import org.xml.sax.helpers.DefaultHandler;
import org.apache.openjpa.enhance.PCRegistry;
import org.apache.openjpa.lib.util.Base16Encoder;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
import org.apache.openjpa.lib.xml.XMLFactory;
import org.apache.openjpa.lib.xml.XMLWriter;
import org.apache.openjpa.meta.ClassMetaData;
@@ -78,7 +80,10 @@
*/
public Collection load(ClassMetaData meta) {
File f = getFile(meta);
- if (!f.exists() || f.length() == 0)
+ if (!((Boolean)AccessController.doPrivileged(
+ J2DoPrivHelper.existsAction( f ))).booleanValue() ||
+ ((Long)AccessController.doPrivileged(
+ J2DoPrivHelper.lengthAction( f ))).longValue() == 0)
return Collections.EMPTY_SET;
try {
return read(f);
@@ -128,8 +133,10 @@
throw new InternalException();
File f = getFile(meta);
- if (!f.getParentFile().exists())
- f.getParentFile().mkdirs();
+ if (!((Boolean)AccessController.doPrivileged(
+ J2DoPrivHelper.existsAction( f.getParentFile() ))).booleanValue())
+ AccessController.doPrivileged(
+ J2DoPrivHelper.mkdirsAction( f.getParentFile() ));
FileWriter fw = null;
try {
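Review bot: The result of `mkdirsAction( f.getParentFile() )` is ignored, and the directory is created under OpenJPA's own file permissions on a path that comes from `getFile(meta)`. Whether `getFile` confines that path to the configured store directory is not visible in this hunk; if it does not, a caller without write permission can have directories created through this method. Check the returned value and fail with a clear error when the directory cannot be created, and add a comment naming where the path is constrained. The method body continues outside the hunk.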
Modified: openjpa/trunk/pom.xml
URL: http://svn.apache.org/viewvc/openjpa/trunk/pom.xml?view=diff&rev=552996&r1=552995&r2=552996
==============================================================================
--- openjpa/trunk/pom.xml (original)
+++ openjpa/trunk/pom.xml Tue Jul 3 14:55:29 2007
@@ -211,6 +211,18 @@
</activation>
</profile>
+ <profile>
+ <id>enable-security</id>
+ <activation>
+ <activeByDefault>false</activeByDefault>
+ </activation>
+ <properties>
+ <test.env>-Dtest.basedir=${basedir}/..</test.env>
+ <policy.file>${basedir}/../openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy</policy.file>
+ <surefire.jvm.args>-Djava.security.manager -Djava.security.policy=${policy.file} ${test.env}</surefire.jvm.args>
+ </properties>
+ </profile>
+
</profiles>
<repositories>
@@ -277,6 +289,7 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>2.2</version>
<configuration>
+ <argLine>${surefire.jvm.args}</argLine>
<useFile>false</useFile>
<trimStackTrace>false</trimStackTrace>
<useSystemClassLoader>true</useSystemClassLoader>
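Review bot: `<argLine>${surefire.jvm.args}</argLine>` now applies to every build, but `surefire.jvm.args` is defined only inside the `enable-security` profile, which is off by default. Unless a default is set in a part of pom.xml outside these hunks, Maven will likely leave the unresolved `${surefire.jvm.args}` text on the forked JVM's command line in ordinary builds. Add an empty default to the top-level properties, `<surefire.jvm.args></surefire.jvm.args>`, so that the profile only overrides it.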