]
Vijay Kiran Duvvuri updated DNA-499:
------------------------------------
Attachment: DNA-499.1.patch
First patch wrapping Thread.currentThread.getContenxtClassLoader() with PrivilegedAction.
If the patch is fine, then I'll continue and submit patch for reflection methods.
Wrap system access, context class loader access, and reflection with
doPrivileged
---------------------------------------------------------------------------------
Key: DNA-499
URL:
https://jira.jboss.org/jira/browse/DNA-499
Project: DNA
Issue Type: Bug
Components: API, Common, Connectors, Examples, Federation, Graph, JCR, Maven
Classloader, Sequencers
Affects Versions: 0.5
Reporter: Randall Hauch
Assignee: Vijay Kiran Duvvuri
Fix For: 0.6
Attachments: DNA-499.1.patch
Several activities should make use of the Java SecurityManager to ensure the caller has
the appropriate privileges to perform the activity. These activities should be wrapped in
a block such as the following:
String lineSeparator = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty("line.separator");
}
}
);
obviously with the correct generic type for whatever is being returned from the run.
(Nice and concise, huh? Ugh.)
We need to go through all of the (non-test) code and add this checking (if it is not
already there) when the following types of activities are performed:
- System.getProperty
- System.setProperty
- Thread.currentThread().getContextClassLoader()
- All code executed via reflection
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: