Wrap system access, context class loader access, and reflection with doPrivileged --------------------------------------------------------------------------------- Key: DNA-499 URL: https://jira.jboss.org/jira/browse/DNA-499 Project: DNA Issue Type: Bug Components: API, Common, Connectors, Examples, Federation, Graph, JCR, Maven Classloader, Sequencers Affects Versions: 0.5 Reporter: Randall Hauch Fix For: 0.6 Several activities should make use of the Java SecurityManager to ensure the caller has the appropriate privileges to perform the activity. These activities should be wrapped in a block such as the following: String lineSeparator = java.security.AccessController.doPrivileged( new java.security.PrivilegedAction<String>() { public String run() { return System.getProperty("line.separator"); } } ); obviously with the correct generic type for whatever is being returned from the run. (Nice and concise, huh? Ugh.) We need to go through all of the (non-test) code and add this checking (if it is not already there) when the following types of activities are performed: - System.getProperty - System.setProperty - Thread.currentThread().getContextClassLoader() - All code executed via reflection -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira