]
Randall Hauch updated DNA-499:
------------------------------
Fix Version/s: 0.7
(was: 0.6)
Pushing to 0.7, as discussed above.
Wrap system access, context class loader access, and reflection with
doPrivileged
---------------------------------------------------------------------------------
Key: DNA-499
URL:
https://jira.jboss.org/jira/browse/DNA-499
Project: DNA
Issue Type: Bug
Components: API, Common, Connectors, Examples, Federation, Graph, JCR, Maven
Classloader, Sequencers
Affects Versions: 0.5
Reporter: Randall Hauch
Assignee: Vijay Kiran Duvvuri
Fix For: 0.7
Attachments: DNA-499.1.patch
Several activities should make use of the Java SecurityManager to ensure the caller has
the appropriate privileges to perform the activity. These activities should be wrapped in
a block such as the following:
String lineSeparator = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return System.getProperty("line.separator");
}
}
);
obviously with the correct generic type for whatever is being returned from the run.
(Nice and concise, huh? Ugh.)
We need to go through all of the (non-test) code and add this checking (if it is not
already there) when the following types of activities are performed:
- System.getProperty
- System.setProperty
- Thread.currentThread().getContextClassLoader()
- All code executed via reflection
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: