Index: pom.xml =================================================================== --- pom.xml (revision 548475) +++ pom.xml (working copy) @@ -7,15 +7,15 @@ to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations - under the License. + under the License. --> openjpa-persistence-jdbc openjpa-kernel-5 openjpa-jdbc-5 - openjpa-xmlmapping-5 + openjpa-xmlmapping-5 openjpa-examples @@ -168,10 +168,10 @@ - + --> javadoc-profile @@ -212,6 +212,18 @@ + + enable-security + + false + + + -Dtest.basedir=${basedir}/.. + ${basedir}/../openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy + -Djava.security.manager -Djava.security.policy=${policy.file} ${test.env} + + + @@ -221,9 +233,9 @@ http://www.ibiblio.org/maven2 - java.net - https://maven-repository.dev.java.net/nonav/repository - legacy + java.net + https://maven-repository.dev.java.net/nonav/repository + legacy @@ -278,6 +290,7 @@ maven-surefire-plugin 2.2 + ${surefire.jvm.args} false false true Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/sql/DBDictionaryFactory.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/sql/DBDictionaryFactory.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/sql/DBDictionaryFactory.java (working copy) @@ -18,6 +18,8 @@ */ package org.apache.openjpa.jdbc.sql; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.SQLException; @@ -27,6 +29,7 @@ import org.apache.openjpa.jdbc.conf.JDBCConfiguration; import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.StoreException; import org.apache.openjpa.util.UserException; @@ -117,9 +120,15 @@ String dclass, String props, Connection conn) { DBDictionary dict = null; try { - dict = (DBDictionary) Class.forName(dclass, true, - DBDictionary.class.getClassLoader()).newInstance(); + Class c = Class.forName(dclass, true, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + DBDictionary.class))); + dict = (DBDictionary)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new UserException(e).setFatal(true); } @@ -236,7 +245,7 @@ */ public static String toString(DatabaseMetaData meta) throws SQLException { - String lineSep = System.getProperty("line.separator"); + String lineSep = J2DoPrivHelper.getLineSeparator(); StringBuffer buf = new StringBuffer(); try { buf.append("catalogSeparator: ") Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/SimpleDriverDataSource.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/SimpleDriverDataSource.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/SimpleDriverDataSource.java (working copy) @@ -19,6 +19,8 @@ package org.apache.openjpa.jdbc.schema; import java.io.PrintWriter; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.Connection; import java.sql.Driver; import java.sql.DriverManager; @@ -27,6 +29,7 @@ import java.util.Properties; import org.apache.openjpa.jdbc.sql.DBDictionary; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.util.StoreException; /** @@ -166,12 +169,16 @@ } try { - _driver = (Driver) Class.forName(_connectionDriverName, - true, _classLoader).newInstance(); + Class c = Class.forName(_connectionDriverName, + true, _classLoader); + _driver = (Driver)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); return _driver; } catch (Exception e) { if (e instanceof RuntimeException) throw(RuntimeException) e; + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new StoreException(e); } } Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/DataSourceFactory.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/DataSourceFactory.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/DataSourceFactory.java (working copy) @@ -18,6 +18,7 @@ */ package org.apache.openjpa.jdbc.schema; +import java.security.AccessController; import java.sql.Connection; import java.sql.Driver; import java.sql.SQLException; @@ -39,6 +40,7 @@ import org.apache.openjpa.lib.jdbc.JDBCListener; import org.apache.openjpa.lib.jdbc.LoggingConnectionDecorator; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.util.ImplHelper; @@ -110,7 +112,9 @@ // see if their driver name is actually a data source if (DataSource.class.isAssignableFrom(driverClass)) { return (DataSource) Configurations.newInstance(driver, - conf, props, DataSource.class.getClassLoader()); + conf, props, (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + DataSource.class))); } } catch (OpenJPAException ke) { Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/FileSchemaFactory.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/FileSchemaFactory.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/schema/FileSchemaFactory.java (working copy) @@ -21,11 +21,13 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.security.AccessController; import org.apache.openjpa.jdbc.conf.JDBCConfiguration; import org.apache.openjpa.lib.conf.Configurable; import org.apache.openjpa.lib.conf.Configuration; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.util.GeneralException; /** @@ -77,7 +79,8 @@ } public SchemaGroup readSchema() { - URL url = _loader.getResource(_fileName); + URL url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(_loader, _fileName)); if (url == null) return new SchemaGroup(); Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/ReverseMappingToolTask.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/ReverseMappingToolTask.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/ReverseMappingToolTask.java (working copy) @@ -20,6 +20,9 @@ import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Properties; import org.apache.commons.lang.StringUtils; @@ -33,6 +36,7 @@ import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.util.CodeFormat; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.tools.ant.types.EnumeratedAttribute; /** @@ -234,14 +238,25 @@ // load customizer properties Properties customProps = new Properties(); File propsFile = Files.getFile(customizerProperties, loader); - if (propsFile != null && propsFile.exists()) - customProps.load(new FileInputStream(propsFile)); + if (propsFile != null && ((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( propsFile ))).booleanValue() ) { + FileInputStream fis = null; + try { + fis = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(propsFile)); + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); + } + customProps.load(fis); + } // create and configure customizer JDBCConfiguration conf = (JDBCConfiguration) getConfiguration(); flags.customizer = (ReverseCustomizer) Configurations. newInstance(customizerClass, conf, null, - ReverseCustomizer.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + ReverseCustomizer.class))); if (flags.customizer != null) flags.customizer.setConfiguration(customProps); Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/MappingToolTask.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/MappingToolTask.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/ant/MappingToolTask.java (working copy) @@ -18,6 +18,8 @@ */ package org.apache.openjpa.jdbc.ant; +import java.security.AccessController; + import org.apache.tools.ant.BuildException; import org.apache.tools.ant.types.EnumeratedAttribute; import org.apache.openjpa.jdbc.conf.JDBCConfiguration; @@ -27,6 +29,7 @@ import org.apache.openjpa.lib.ant.AbstractTask; import org.apache.openjpa.lib.conf.ConfigurationImpl; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.MultiLoaderClassResolver; @@ -183,7 +186,8 @@ MultiLoaderClassResolver resolver = new MultiLoaderClassResolver(); resolver.addClassLoader(loader); - resolver.addClassLoader(MappingTool.class.getClassLoader()); + resolver.addClassLoader((ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(MappingTool.class))); JDBCConfiguration conf = (JDBCConfiguration) getConfiguration(); conf.setClassResolver(resolver); Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/conf/MappingRepositoryValue.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/conf/MappingRepositoryValue.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/conf/MappingRepositoryValue.java (working copy) @@ -19,10 +19,13 @@ package org.apache.openjpa.jdbc.conf; import java.lang.reflect.InvocationTargetException; +import java.security.AccessController; import org.apache.openjpa.jdbc.meta.MappingRepository; import org.apache.openjpa.lib.conf.Configuration; import org.apache.openjpa.lib.conf.PluginValue; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + import serp.util.Strings; /** @@ -44,7 +47,9 @@ // since the MappingRepository takes a JDBConfiguration constructor, // we need to manually perform the instantiation try { - Class cls = Strings.toClass(clsName, type.getClassLoader()); + Class cls = Strings.toClass(clsName, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(type))); return cls.getConstructor(new Class[]{ JDBCConfiguration.class }). newInstance(new Object[]{ conf }); } catch (RuntimeException e) { Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingRepository.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingRepository.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingRepository.java (working copy) @@ -19,6 +19,8 @@ package org.apache.openjpa.jdbc.meta; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.Types; import java.util.Collection; import java.util.HashMap; @@ -70,6 +72,7 @@ import org.apache.openjpa.jdbc.sql.JoinSyntaxes; import org.apache.openjpa.lib.conf.Configurable; import org.apache.openjpa.lib.conf.Configurations; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.FieldMetaData; @@ -446,12 +449,18 @@ try { if (strat == null) strat = JavaTypes.classForName(name, cls, - ClassStrategy.class.getClassLoader()); - ClassStrategy strategy = (ClassStrategy) strat.newInstance(); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + ClassStrategy.class))); + ClassStrategy strategy = + (ClassStrategy)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(strat)); Configurations.configureInstance(strategy, getConfiguration(), props); return strategy; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new MetaDataException(_loc.get("bad-cls-strategy", cls, name), e); } @@ -474,9 +483,12 @@ name = Configurations.getClassName(name); try { Class c = JavaTypes.classForName(name, field, - FieldStrategy.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(FieldStrategy.class))); if (FieldStrategy.class.isAssignableFrom(c)) { - FieldStrategy strat = (FieldStrategy) c.newInstance(); + FieldStrategy strat = (FieldStrategy) + AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); Configurations.configureInstance(strat, getConfiguration(), props); return strat; @@ -484,13 +496,16 @@ // must be named handler if (installHandlers) { - ValueHandler vh = (ValueHandler) c.newInstance(); + ValueHandler vh = (ValueHandler)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); Configurations.configureInstance(vh, getConfiguration(), props); field.setHandler(vh); } return new HandlerFieldStrategy(); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException )e).getException(); throw new MetaDataException(_loc.get("bad-field-strategy", field, name), e); } @@ -541,13 +556,18 @@ if (strat == null) strat = JavaTypes.classForName(name, discrim.getClassMapping(), - DiscriminatorStrategy.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + DiscriminatorStrategy.class))); DiscriminatorStrategy strategy = (DiscriminatorStrategy) - strat.newInstance(); + AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(strat)); Configurations.configureInstance(strategy, getConfiguration(), props); return strategy; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException )e).getException(); throw new MetaDataException(_loc.get("bad-discrim-strategy", discrim.getClassMapping(), name), e); } @@ -598,7 +618,9 @@ if (strat == null) strat = JavaTypes.classForName(name, version.getClassMapping(), - VersionStrategy.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + VersionStrategy.class))); } catch (Exception e) { throw new MetaDataException(_loc.get("bad-version-strategy", version.getClassMapping(), name), e); @@ -613,11 +635,15 @@ protected VersionStrategy instantiateVersionStrategy(Class strat, Version version, String props) { try { - VersionStrategy strategy = (VersionStrategy) strat.newInstance(); + VersionStrategy strategy = (VersionStrategy) + AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(strat)); Configurations.configureInstance(strategy, getConfiguration(), props); return strategy; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException )e).getException(); throw new MetaDataException(_loc.get("bad-version-strategy", version.getClassMapping(), strat + ""), e); } @@ -914,11 +940,16 @@ String props = Configurations.getProperties(name); name = Configurations.getClassName(name); try { - Object o = JavaTypes.classForName(name, val, - FieldStrategy.class.getClassLoader()).newInstance(); + Class c = JavaTypes.classForName(name, val, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(FieldStrategy.class))); + Object o = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); Configurations.configureInstance(o, getConfiguration(), props); return o; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException )e).getException(); throw new MetaDataException(_loc.get("bad-mapped-strategy", val, name), e); } @@ -937,15 +968,19 @@ name = Configurations.getClassName(name); try { Class c = JavaTypes.classForName(name, val, - ValueHandler.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(ValueHandler.class))); if (ValueHandler.class.isAssignableFrom(c)) { - ValueHandler vh = (ValueHandler) c.newInstance(); + ValueHandler vh = (ValueHandler)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(c)); Configurations.configureInstance(vh, getConfiguration(), props); return vh; } return null; // named field strategy } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException )e).getException(); throw new MetaDataException(_loc.get("bad-value-handler", val, name), e); } Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java (working copy) @@ -21,10 +21,13 @@ import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.StringWriter; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.SQLException; import java.sql.Types; import java.util.ArrayList; @@ -77,6 +80,7 @@ import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.util.CodeFormat; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.meta.ClassMetaData; @@ -1785,9 +1789,18 @@ File customFile = Files.getFile (opts.removeProperty("customizerProperties", "cp", null), null); Properties customProps = new Properties(); - if (customFile != null && customFile.exists()) - customProps.load(new FileInputStream(customFile)); - + if (customFile != null && ((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( customFile ))).booleanValue()) { + FileInputStream fis = null; + try { + fis = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(customFile)); + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); + } + customProps.load(fis); + } + // separate the properties for the customizer and code format Options customOpts = new Options(); Options formatOpts = new Options(); Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingTool.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingTool.java (revision 548475) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/MappingTool.java (working copy) @@ -22,6 +22,8 @@ import java.io.IOException; import java.io.PrintWriter; import java.io.Writer; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.SQLException; import java.util.Arrays; import java.util.Collection; @@ -51,6 +53,7 @@ import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.meta.ClassArgParser; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.Services; @@ -1075,9 +1078,12 @@ Class[] types = Services.getImplementorClasses(ImportExport.class); ImportExport[] instances = new ImportExport[types.length]; for (int i = 0; i < types.length; i++) - instances[i] = (ImportExport) types[i].newInstance(); + instances[i] = (ImportExport)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(types[i])); return instances; } catch (Throwable t) { + if (t instanceof PrivilegedActionException) + t = ((PrivilegedActionException)t).getException(); throw new InternalException(_loc.get("importexport-instantiate"),t); } } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/xml/XMLWriter.java (working copy) @@ -22,6 +22,8 @@ import java.io.IOException; import java.io.Writer; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * The XMLWriter is a writer type for pretty-printing XML. * It assumes that the streamed XML will be given without any whitespace, @@ -32,7 +34,7 @@ */ public class XMLWriter extends FilterWriter { - private static String _endl = System.getProperty("line.separator"); + private static String _endl = J2DoPrivHelper.getLineSeparator(); private int _lastChar = ' '; private int _lastChar2 = ' '; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogFactoryImpl.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogFactoryImpl.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogFactoryImpl.java (working copy) @@ -24,6 +24,8 @@ import java.io.PrintStream; import java.io.PrintWriter; import java.io.StringWriter; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -32,6 +34,7 @@ import org.apache.openjpa.lib.conf.Configuration; import org.apache.openjpa.lib.conf.GenericConfigurable; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.concurrent.ConcurrentHashMap; @@ -57,7 +60,7 @@ public static final String STDOUT = "stdout"; public static final String STDERR = "stderr"; - private static final String NEWLINE = System.getProperty("line.separator"); + private static final String NEWLINE = J2DoPrivHelper.getLineSeparator(); /** * The time at which this factory was initialized. @@ -179,8 +182,15 @@ else { File f = Files.getFile(file, null); try { - _out = new PrintStream(new FileOutputStream - (f.getCanonicalPath(), true)); + _out = new PrintStream((FileOutputStream) + AccessController.doPrivileged( + J2DoPrivHelper.newFileOutputStreamAction( + (String)AccessController.doPrivileged( + J2DoPrivHelper.getCanonicalPathAction( f )), + true))); + } catch( PrivilegedActionException pae ) { + throw new IllegalArgumentException(_loc.get("log-bad-file", + file) + " " + pae.getException()); } catch (IOException ioe) { throw new IllegalArgumentException(_loc.get("log-bad-file", file) + " " + ioe.toString()); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogOutputStream.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogOutputStream.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/log/LogOutputStream.java (working copy) @@ -23,6 +23,8 @@ import java.io.OutputStream; import java.util.StringTokenizer; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * Many standard components log to {@link OutputStream}s. * This wrapper class extends the {@link ByteArrayOutputStream} @@ -33,7 +35,7 @@ */ public class LogOutputStream extends ByteArrayOutputStream { - private static final String _sep = System.getProperty("line.separator"); + private static final String _sep = J2DoPrivHelper.getLineSeparator(); private final int _level; private final Log _log; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java (working copy) @@ -14,11 +14,12 @@ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations - * under the License. + * under the License. */ package org.apache.openjpa.lib.ant; import java.io.File; +import java.security.AccessController; import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -33,17 +34,18 @@ import org.apache.openjpa.lib.conf.ConfigurationImpl; import org.apache.openjpa.lib.conf.ConfigurationProvider; import org.apache.openjpa.lib.conf.ProductDerivations; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; /** * Ant tasks all have a nested <config&rt; tag, which uses * the configuration as a bean-like task. E.g., you can do: - * - * + * + * * <mytask&rt;
- *   <config connectionUserName="foo"/&rt;
+ *   <config connectionUserName="foo"/&rt;
* </mytask&rt; - * + * * * The default configuration for the system will be used if the * <config&rt; subtask is excluded. @@ -159,7 +161,8 @@ _conf = newConfiguration(); if (_conf.getPropertiesResource() == null) { ConfigurationProvider cp = ProductDerivations.loadDefaults - (_conf.getClass().getClassLoader()); + ((ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(_conf.getClass()))); if (cp != null) cp.setInto(_conf); } @@ -188,7 +191,8 @@ File f = new File(dsFiles[j]); if (!f.isFile()) f = new File(ds.getBasedir(), dsFiles[j]); - files.add(f.getAbsolutePath()); + files.add((String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( f ))); } } return (String[]) files.toArray(new String[files.size()]); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/LoggingConnectionDecorator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/LoggingConnectionDecorator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/LoggingConnectionDecorator.java (working copy) @@ -45,6 +45,7 @@ import java.util.List; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; /** * A {@link ConnectionDecorator} that creates logging connections and @@ -55,7 +56,7 @@ */ public class LoggingConnectionDecorator implements ConnectionDecorator { - private static final String SEP = System.getProperty("line.separator"); + private static final String SEP = J2DoPrivHelper.getLineSeparator(); private static final int WARN_IGNORE = 0; private static final int WARN_LOG_TRACE = 1; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/SQLFormatter.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/SQLFormatter.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/jdbc/SQLFormatter.java (working copy) @@ -23,6 +23,8 @@ import java.util.List; import java.util.StringTokenizer; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /* * Lots of this could be abstracted out into a word-wrapping class. */ @@ -46,7 +48,7 @@ private boolean multiLine = false; private boolean doubleSpace = true; - private String newline = System.getProperty("line.separator"); + private String newline = J2DoPrivHelper.getLineSeparator(); private int lineLength = 72; private String wrapIndent = " "; private String clauseIndent = " "; @@ -152,7 +154,7 @@ buf.append(prettyPrintLine(line)); for (int i = 0; i < 1 + (getDoubleSpace() ? 1 : 0); i++) - buf.append(System.getProperty("line.separator")); + buf.append(J2DoPrivHelper.getLineSeparator()); } return buf.toString(); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ObjectValue.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ObjectValue.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ObjectValue.java (working copy) @@ -18,7 +18,10 @@ */ package org.apache.openjpa.lib.conf; +import java.security.AccessController; + import org.apache.commons.lang.ObjectUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.ReferenceMap; import org.apache.openjpa.lib.util.concurrent.ConcurrentReferenceHashMap; @@ -94,9 +97,11 @@ boolean fatal) { ClassLoader cl = (ClassLoader) _classloaderCache.get(type); if (cl == null) { - cl = type.getClassLoader(); + cl = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(type)); if (cl == null) { // System classloader is returned as null - cl = ClassLoader.getSystemClassLoader(); + cl = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getSystemClassLoaderAction()); } _classloaderCache.put(type, cl); } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/FileValue.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/FileValue.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/FileValue.java (working copy) @@ -19,8 +19,10 @@ package org.apache.openjpa.lib.conf; import java.io.File; +import java.security.AccessController; import org.apache.commons.lang.ObjectUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; /** * A {@link File} {@link Value}. @@ -57,7 +59,8 @@ } protected String getInternalString() { - return (value == null) ? null : value.getAbsolutePath(); + return (value == null) ? null : (String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( value )); } protected void setInternalString(String val) { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ProductDerivations.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ProductDerivations.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ProductDerivations.java (working copy) @@ -19,6 +19,8 @@ package org.apache.openjpa.lib.conf; import java.io.File; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; @@ -27,6 +29,7 @@ import java.util.MissingResourceException; import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Services; @@ -46,17 +49,22 @@ private static final Throwable[] _derivationErrors; private static String[] _prefixes; static { - ClassLoader l = ProductDerivation.class.getClassLoader(); + ClassLoader l = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(ProductDerivation.class)); _derivationNames = Services.getImplementors(ProductDerivation.class, l); _derivationErrors = new Throwable[_derivationNames.length]; List derivations = new ArrayList(_derivationNames.length); for (int i = 0; i < _derivationNames.length; i++) { try { - ProductDerivation d = (ProductDerivation) Class. - forName(_derivationNames[i], true, l).newInstance(); + ProductDerivation d = (ProductDerivation) + AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + Class.forName(_derivationNames[i], true, l))); d.validate(); derivations.add(d); } catch (Throwable t) { + if (t instanceof PrivilegedActionException) + t = ((PrivilegedActionException)t).getException(); _derivationErrors[i] = t; } } @@ -227,7 +235,8 @@ if (StringUtils.isEmpty(resource)) return null; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); ConfigurationProvider provider = null; StringBuffer errs = null; // most specific to least @@ -257,7 +266,8 @@ if (file == null) return null; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); ConfigurationProvider provider = null; StringBuffer errs = null; // most specific to least @@ -271,9 +281,11 @@ errs.append(_derivations[i].getClass().getName() + ":" + t); } } - reportErrors(errs, file.getAbsolutePath()); - throw new MissingResourceException(file.getAbsolutePath(), - ProductDerivations.class.getName(), file.getAbsolutePath()); + String aPath = (String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( file )); + reportErrors(errs, aPath); + throw new MissingResourceException(aPath, + ProductDerivations.class.getName(), aPath); } /** @@ -296,7 +308,8 @@ private static ConfigurationProvider load(ClassLoader loader, boolean globals) { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); ConfigurationProvider provider = null; StringBuffer errs = null; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java (working copy) @@ -39,6 +39,7 @@ import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -57,6 +58,7 @@ import org.apache.openjpa.lib.log.LogFactoryImpl; import org.apache.openjpa.lib.log.NoneLogFactory; import org.apache.openjpa.lib.util.Closeable; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.MultiClassLoader; import org.apache.openjpa.lib.util.ParseException; @@ -99,7 +101,7 @@ public class ConfigurationImpl implements Configuration, Externalizable, ValueListener { - private static final String SEP = System.getProperty("line.separator"); + private static final String SEP = J2DoPrivHelper.getLineSeparator(); private static final Localizer _loc = Localizer.forPackage (ConfigurationImpl.class); @@ -163,7 +165,8 @@ */ public boolean loadGlobals() { MultiClassLoader loader = new MultiClassLoader(); - loader.addClassLoader(Thread.currentThread().getContextClassLoader()); + loader.addClassLoader((ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction())); loader.addClassLoader(getClass().getClassLoader()); ConfigurationProvider provider = ProductDerivations.loadGlobals(loader); if (provider != null) @@ -171,7 +174,9 @@ // let system properties override other globals try { - fromProperties(new HashMap(System.getProperties())); + fromProperties(new HashMap( + (Properties)AccessController.doPrivileged( + J2DoPrivHelper.getPropertiesAction()))); } catch (SecurityException se) { // security manager might disallow } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java (working copy) @@ -19,6 +19,8 @@ package org.apache.openjpa.lib.conf; import java.io.File; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Arrays; import java.util.Collection; import java.util.Iterator; @@ -34,6 +36,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.exception.NestableRuntimeException; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.ParseException; @@ -206,8 +209,12 @@ } try { - return cls.newInstance(); + return AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(cls)); } catch (Exception e) { + if( e instanceof PrivilegedActionException) { + e = ((PrivilegedActionException)e).getException(); + } RuntimeException re = new NestableRuntimeException(_loc.get ("obj-create", cls).getMessage(), e); if (fatal) @@ -229,25 +236,33 @@ // we always prefer the thread loader, because it's the only thing we // can access that isn't bound to the OpenJPA classloader, unless // the conf object is of a custom class - ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader(); + ClassLoader ctxLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); if (loader == null) { if (ctxLoader != null) return ctxLoader; if (conf != null) - return conf.getClass().getClassLoader(); + return (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(conf.getClass())); return Configurations.class.getClassLoader(); } for (ClassLoader parent = ctxLoader; parent != null; - parent = parent.getParent()) { + parent = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getParentAction( parent ))) { if (parent == loader) return ctxLoader; } if (conf != null) { - for (ClassLoader parent = conf.getClass().getClassLoader(); - parent != null; parent = parent.getParent()) { + for (ClassLoader parent = (ClassLoader) + AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(conf.getClass())); + parent != null; + parent = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getParentAction( parent ))) { if (parent == loader) - return conf.getClass().getClassLoader(); + return (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(conf.getClass())); } } return loader; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/SourceTrackers.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/SourceTrackers.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/SourceTrackers.java (working copy) @@ -18,6 +18,9 @@ */ package org.apache.openjpa.lib.meta; +import java.security.AccessController; + +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; /** @@ -30,7 +33,7 @@ private static final Localizer _loc = Localizer.forPackage(SourceTrackers.class); - private static final String SEP = System.getProperty("line.separator"); + private static final String SEP = J2DoPrivHelper.getLineSeparator(); /** * Create a message appropriate for display to the user describing @@ -46,7 +49,9 @@ for (int i = 0; i < trackers.length; i++) { sourceFilePath = (trackers[i].getSourceFile() == null ? _loc.get("source-tracker-file-unknown").getMessage() : - trackers[i].getSourceFile().getAbsolutePath()); + (String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( + trackers[i].getSourceFile()))); buf.append(" ").append(_loc.get( "source-trackers-location-line-item", trackers[i].getResourceName(), sourceFilePath)); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java (working copy) @@ -23,11 +23,14 @@ import java.io.InputStream; import java.net.URL; import java.net.URLDecoder; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; import java.util.NoSuchElementException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.MultiClassLoader; /** @@ -61,11 +64,16 @@ loader = multi; } - Enumeration e = loader.getResources(rsrc); - while (e.hasMoreElements()) { - if (_urls == null) - _urls = new ArrayList(3); - _urls.add(e.nextElement()); + try { + Enumeration e = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction(loader, rsrc)); + while (e.hasMoreElements()) { + if (_urls == null) + _urls = new ArrayList(3); + _urls.add(e.nextElement()); + } + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); } } @@ -82,7 +90,12 @@ public InputStream getInputStream() throws IOException { if (_url == -1 || _url >= _urls.size()) throw new IllegalStateException(); - return ((URL) _urls.get(_url)).openStream(); + try { + return (InputStream)AccessController.doPrivileged( + J2DoPrivHelper.openStreamAction((URL) _urls.get(_url))); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } public File getFile() throws IOException { @@ -90,7 +103,8 @@ throw new IllegalStateException(); File file = new File(URLDecoder.decode(((URL) _urls.get(_url)). getFile())); - return (file.exists()) ? file : null; + return (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) ? file :null; } public void close() { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/CFMetaDataParser.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/CFMetaDataParser.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/CFMetaDataParser.java (working copy) @@ -18,7 +18,10 @@ */ package org.apache.openjpa.lib.meta; +import java.security.AccessController; + import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.xml.sax.Attributes; import org.xml.sax.SAXException; @@ -295,7 +298,8 @@ return null; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); boolean fullName = name.indexOf('.') != -1; boolean noPackage = StringUtils.isEmpty(pkg); try { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassArgParser.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassArgParser.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassArgParser.java (working copy) @@ -21,11 +21,14 @@ import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Reader; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -36,6 +39,7 @@ import org.apache.commons.lang.exception.NestableRuntimeException; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import serp.bytecode.lowlevel.ConstantPoolTable; import serp.util.Strings; @@ -210,7 +214,8 @@ return new String[]{ getFromClassFile(file) }; if (arg.endsWith(".java")) return new String[]{ getFromJavaFile(file) }; - if (file.exists()) { + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) { Collection col = getFromMetaDataFile(file); return (String[]) col.toArray(new String[col.size()]); } @@ -295,8 +300,11 @@ private String getFromClassFile(File file) throws IOException { FileInputStream fin = null; try { - fin = new FileInputStream(file); + fin = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(file)); return getFromClass(fin); + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); } finally { if (fin != null) try { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/URLMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/URLMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/URLMetaDataIterator.java (working copy) @@ -23,7 +23,11 @@ import java.io.InputStream; import java.net.URL; import java.net.URLDecoder; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * Iterator over the metadata resource represented by a URL. * @@ -59,7 +63,12 @@ throw new IllegalStateException(); if (_url == null) return null; - return _url.openStream(); + try { + return (InputStream)AccessController.doPrivileged( + J2DoPrivHelper.openStreamAction(_url)); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } public File getFile() { @@ -68,7 +77,8 @@ if (_url == null) return null; File file = new File(URLDecoder.decode(_url.getPath())); - return (file.exists()) ? file : null; + return (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) ? file:null; } public void close() { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ZipFileMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ZipFileMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ZipFileMetaDataIterator.java (working copy) @@ -24,11 +24,15 @@ import java.io.InputStream; import java.net.URL; import java.net.URLConnection; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Enumeration; import java.util.NoSuchElementException; import java.util.zip.ZipEntry; import java.util.zip.ZipFile; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * Iterator over all metadata resources in a given zip file. * @@ -54,7 +58,12 @@ } else { URLConnection con = url.openConnection(); con.setDefaultUseCaches(false); - _file = (ZipFile) con.getContent(); + try { + _file = (ZipFile) AccessController.doPrivileged( + J2DoPrivHelper.getContentAction(con)); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } _filter = filter; _entries = (_file == null) ? null : _file.entries(); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java (working copy) @@ -23,6 +23,7 @@ import java.io.InputStreamReader; import java.io.Reader; import java.net.URL; +import java.security.AccessController; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -42,6 +43,7 @@ import org.xml.sax.ext.LexicalHandler; import org.xml.sax.helpers.DefaultHandler; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.util.Localizer.Message; import org.apache.openjpa.lib.util.Localizer; @@ -629,7 +631,8 @@ if (_loader != null) return _loader; if (_curLoader == null) - _curLoader = Thread.currentThread().getContextClassLoader(); + _curLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); return _curLoader; } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java (working copy) @@ -23,12 +23,15 @@ import java.io.InputStream; import java.net.URL; import java.net.URLDecoder; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; import java.util.List; import java.util.NoSuchElementException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.MultiClassLoader; import serp.util.Strings; @@ -76,8 +79,14 @@ multi.addClassLoader(multi.SYSTEM_LOADER); multi.addClassLoader(multi.THREAD_LOADER); multi.addClassLoader(getClass().getClassLoader()); - if (cls != null && cls.getClassLoader() != null) - multi.addClassLoader(cls.getClassLoader()); + if (cls != null) + { + ClassLoader clsLoader = (ClassLoader) + AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(cls)); + if (clsLoader != null) + multi.addClassLoader(clsLoader); + } loader = multi; } _loader = loader; @@ -145,7 +154,13 @@ _url = -1; _urls.clear(); - e = _loader.getResources((String) _locs.get(_loc)); + try { + e = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction( + _loader, (String) _locs.get(_loc))); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } while (e.hasMoreElements()) _urls.add(e.nextElement()); } @@ -161,7 +176,12 @@ public InputStream getInputStream() throws IOException { if (_url == -1 || _url >= _urls.size()) throw new IllegalStateException(); - return ((URL) _urls.get(_url)).openStream(); + try { + return (InputStream)AccessController.doPrivileged( + J2DoPrivHelper.openStreamAction((URL) _urls.get(_url))); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } public File getFile() throws IOException { @@ -169,7 +189,8 @@ throw new IllegalStateException(); File file = new File(URLDecoder.decode(((URL) _urls.get(_url)). getFile())); - return (file.exists()) ? file : null; + return (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) ? file:null; } public void close() { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java (working copy) @@ -21,14 +21,18 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Iterator; import java.util.NoSuchElementException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; /** @@ -112,7 +116,14 @@ public InputStream getInputStream() throws IOException { if (_file == null) throw new IllegalStateException(); - return new FileInputStream(_file); + FileInputStream fis = null; + try { + fis = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(_file)); + return fis; + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); + } } public File getFile() { @@ -137,9 +148,16 @@ } public byte[] getContent() throws IOException { - long len = _file.length(); - FileInputStream fin = new FileInputStream(_file); + long len = ((Long)AccessController.doPrivileged( + J2DoPrivHelper.lengthAction( _file ))).longValue(); + FileInputStream fin = null; try { + fin = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(_file)); + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); + } + try { byte[] content; if (len <= 0 || len > Integer.MAX_VALUE) { // some JVMs don't return a proper length Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataSerializer.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataSerializer.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataSerializer.java (working copy) @@ -23,6 +23,8 @@ import java.io.IOException; import java.io.StringWriter; import java.io.Writer; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; @@ -42,6 +44,7 @@ import org.xml.sax.helpers.AttributesImpl; import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.xml.Commentable; import org.apache.openjpa.lib.xml.XMLWriter; @@ -135,8 +138,10 @@ File backup = Files.backup(file, false); if (backup == null) { File parent = file.getParentFile(); - if (parent != null && !parent.exists()) - parent.mkdirs(); + if (parent != null && !((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( parent ))).booleanValue()) + AccessController.doPrivileged( + J2DoPrivHelper.mkdirsAction( parent )); } return backup; } @@ -191,10 +196,16 @@ _log.info(_loc.get("ser-file", file)); _backup = prepareWrite(file); - FileWriter out = new FileWriter(file.getCanonicalPath(), - (flags & APPEND) > 0); - serialize(out, flags); - out.close(); + try { + FileWriter out = new FileWriter( + (String)AccessController.doPrivileged( + J2DoPrivHelper.getCanonicalPathAction( file )), + (flags & APPEND) > 0); + serialize(out, flags); + out.close(); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } public void serialize(Writer out, int flags) throws IOException { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java (working copy) @@ -20,9 +20,12 @@ import java.io.File; import java.io.IOException; +import java.security.AccessController; import java.util.Properties; import java.util.zip.ZipFile; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + import serp.util.Strings; /** @@ -47,7 +50,8 @@ */ public ClasspathMetaDataIterator(String[] dirs, MetaDataFilter filter) throws IOException { - Properties props = System.getProperties(); + Properties props = (Properties)AccessController.doPrivileged( + J2DoPrivHelper.getPropertiesAction()); String path = props.getProperty("java.class.path"); String[] tokens = Strings.split(path, props.getProperty("path.separator"), 0); @@ -57,7 +61,8 @@ continue; File file = new File(tokens[i]); - if (!file.exists()) + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) continue; if (file.isDirectory()) addIterator(new FileMetaDataIterator(file, filter)); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/TemporaryClassLoader.java (working copy) @@ -21,6 +21,7 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; import serp.bytecode.lowlevel.ConstantPoolTable; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java (revision 0) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java (revision 0) @@ -0,0 +1,622 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.openjpa.lib.util; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.net.URL; +import java.net.URLConnection; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedExceptionAction; +import serp.bytecode.BCClass; +import serp.bytecode.Code; + +/** + * Helper class to obtain the Privilege(Exception)Action object to perform + * Java 2 doPrivilege security sensitive function call in the following + * methods: + *
    + *
  • Class.getClassLoader + *
  • Class.getDeclaredField + *
  • Class.getDeclaredFields + *
  • Class.getDeclaredMethod + *
  • Class.getDeclaredMethods + *
  • Class.getResource + *
  • Class.newInstance + *
  • ClassLoader.getParent + *
  • ClassLoader.getResource + *
  • ClassLoader.getResources + *
  • ClassLoader.getSystemClassLoader + *
  • File.exists + *
  • File.getAbsolutePath + *
  • File.getCanonicalPath + *
  • File.length + *
  • File.mkdirs + *
  • File.renameTo + *
  • FileInputStream new + *
  • FileOutputStream new + *
  • System.getProperties + *
  • System.getProperty + *
  • Thread.getContextClassLoader + *
  • URL.openStream + *
  • URLConnection.getContent + *
  • serp.bytecode.Code new + *
  • serp.bytecode.BCClass.isInstanceOf + *
+ * + * If these methods are used, the following sample usage patterns should be + * followed to ensure proper privilege is granted: + * + * 1) No security risk method call. E.g. + * + * private static final String SEP = J2DoPrivHelper.getLineSeparator(); + * + * 2) Methods with no exception thrown. PrivilegedAction is returned from + * J2DoPrivHelper.*Action(). E.g. + * + * ClassLoader loader = (ClassLoader)AccessController.doPrivileged( + * J2DoPrivHelper.getClassLoaderAction( clazz )); + * + * ClassLoader loader = (ClassLoader) (System.getSecurityManager() == null) + * ? clazz.getClassLoader() + * : AccessController.doPrivileged( + * J2DoPrivHelper.getClassLoaderAction( clazz )); + * 3) Methods with exception thrown. PrivilegedExceptionAction is returned + * from J2DoPrivHelper.*Action(). E.g. + * + * try { + * method = (Method) AccessController.doPrivileged( + * J2DoPrivHelper.getDeclaredMethodAction(clazz, name, parameterType)); + * } catch( PrivilegedActionException pae ) { + * throw (NoSuchMethodException)pae.getException(); + * } + * + * try { + * method = ( System.getSecurityManager() == null ) + * ? clazz.getDeclaredMethod(name,parameterType) + * : (Method) AccessController.doPrivileged( + * J2DoPrivHelper.getDeclaredMethodAction( + * clazz, name, parameterType)); + * } catch( PrivilegedActionException pae ) { + * throw (NoSuchMethodException)pae.getException() + * } + * + * @author Albert Lee + */ + +public abstract class J2DoPrivHelper { + private static String lineSeparator = null; + private static String pathSeparator = null; + + /** + * Return the value of the "line.separator" system property. + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + */ + public static final String getLineSeparator() { + if (lineSeparator == null) { + lineSeparator = (String) AccessController + .doPrivileged(new PrivilegedAction() { + public Object run() { + return System.getProperty("line.separator"); + } + }); + } + return lineSeparator; + } + + /** + * Return the value of the "path.separator" system property. + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + */ + public static final String getPathSeparator() { + if (pathSeparator == null) { + pathSeparator = (String) AccessController + .doPrivileged(new PrivilegedAction() { + public Object run() { + return System.getProperty("path.separator"); + } + }); + } + return pathSeparator; + } + + /** + * Return a PrivilegeAction object for clazz.getClassloader(). + * + * Notes: No doPrivilege wrapping is required in the caller if: + * "the caller's class loader is not null and the caller's class loader + * is not the same as or an ancestor of the class loader for the class + * whose class loader is requested". E.g. + * + * this.getClass().getClassLoader(); + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return Classloader + */ + public static final PrivilegedAction getClassLoaderAction( + final Class clazz) { + return new PrivilegedAction() { + public Object run() { + return clazz.getClassLoader(); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for clazz.getDeclaredField(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "accessDeclaredMembers";' + * + * @return Field + * @exception NoSuchFieldException + */ + public static final PrivilegedExceptionAction getDeclaredFieldAction( + final Class clazz, final String name) { + return new PrivilegedExceptionAction() { + public Object run() throws NoSuchFieldException { + return clazz.getDeclaredField(name); + } + }; + } + + /** + * Return a PrivilegeAction object for class.getDeclaredFields(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "accessDeclaredMembers";' + * + * @return Field[] + */ + public static final PrivilegedAction getDeclaredFieldsAction( + final Class clazz) { + return new PrivilegedAction() { + public Object run() { + return clazz.getDeclaredFields(); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for clazz.getDeclaredMethod(). + * + * Requires security policy + * 'permission java.lang.RuntimePermission "accessDeclaredMembers";' + * + * @return Method + * @exception NoSuchMethodException + */ + public static final PrivilegedExceptionAction getDeclaredMethodAction( + final Class clazz, final String name, final Class[] parameterTypes) { + return new PrivilegedExceptionAction() { + public Object run() throws NoSuchMethodException { + return clazz.getDeclaredMethod(name, parameterTypes); + } + }; + } + + /** + * Return a PrivilegeAction object for clazz.getDeclaredMethods(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "accessDeclaredMembers";' + * + * @return Method[] + */ + public static final PrivilegedAction getDeclaredMethodsAction( + final Class clazz) { + return new PrivilegedAction() { + public Object run() { + return clazz.getDeclaredMethods(); + } + }; + } + + /** + * Return a PrivilegeAction object for clazz.getResource(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return URL + */ + public static final PrivilegedAction getResourceAction( + final Class clazz, final String resource) { + return new PrivilegedAction() { + public Object run() { + return clazz.getResource(resource); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for clazz.newInstance(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return Object + * @exception IllegalAccessException + * @exception InstantiationException + */ + public static final PrivilegedExceptionAction newInstanceAction( + final Class clazz) throws IllegalAccessException, + InstantiationException { + return new PrivilegedExceptionAction() { + public Object run() throws IllegalAccessException, + InstantiationException { + return clazz.newInstance(); + } + }; + } + + /** + * Return a PrivilegeAction object for loader.getParent(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return ClassLoader + */ + public static final PrivilegedAction getParentAction( + final ClassLoader loader) { + return new PrivilegedAction() { + public Object run() { + return loader.getParent(); + } + }; + } + + /** + * Return a PrivilegeAction object for loader.getResource(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return URL + */ + public static final PrivilegedAction getResourceAction( + final ClassLoader loader, final String resource) { + return new PrivilegedAction() { + public Object run() { + return loader.getResource(resource); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for loader.getResources(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Enumeration + * @exception IOException + */ + public static final PrivilegedExceptionAction getResourcesAction( + final ClassLoader loader, final String resource) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return loader.getResources(resource); + } + }; + } + + /** + * Return a PrivilegeAction object for ClassLoader.getSystemClassLoader(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return ClassLoader + */ + public static final PrivilegedAction getSystemClassLoaderAction() { + return new PrivilegedAction() { + public Object run() { + return ClassLoader.getSystemClassLoader(); + } + }; + } + + /** + * Return a PrivilegeAction object for f.exists(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Boolean + */ + public static final PrivilegedAction existsAction(final File f) { + return new PrivilegedAction() { + public Object run() { + try { + return f.exists() ? Boolean.TRUE : Boolean.FALSE; + } catch (NullPointerException npe) { + return Boolean.FALSE; + } + } + }; + } + + /** + * Return a PrivilegeAction object for f.getAbsolutePath(). + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + * + * @return String + */ + public static final PrivilegedAction getAbsolutePathAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.getAbsolutePath(); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for f.getCanonicalPath(). + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + * + * @return String + * @exception IOException + */ + public static final PrivilegedExceptionAction getCanonicalPathAction( + final File f) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return f.getCanonicalPath(); + } + }; + } + + /** + * Return a PrivilegeAction object for f.length(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Long + */ + public static final PrivilegedAction lengthAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return new Long( f.length() ); + } + }; + } + + /** + * Return a PrivilegeAction object for f.mkdirs(). + * + * Requires security policy: + * 'permission java.io.FilePermission "write";' + * + * @return Boolean + */ + public static final PrivilegedAction mkdirsAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.mkdirs() ? Boolean.TRUE : Boolean.FALSE; + } + }; + } + + /** + * Return a PrivilegeAction object for f.renameTo(). + * + * Requires security policy: + * 'permission java.io.FilePermission "write";' + * + * @return Boolean + */ + public static final PrivilegedAction renameToAction(final File from, + final File to) { + return new PrivilegedAction() { + public Object run() { + return from.renameTo(to) ? Boolean.TRUE : Boolean.FALSE; + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for new FileInputStream(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return FileInputStream + * @throws FileNotFoundException + */ + public static final PrivilegedExceptionAction newFileInputStreamAction( + final File f) throws FileNotFoundException { + return new PrivilegedExceptionAction() { + public Object run() throws FileNotFoundException { + return new FileInputStream(f); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for new FileOutputStream(). + * + * Requires security policy: + * 'permission java.io.FilePermission "write";' + * + * @return FileOutputStream + * @throws FileNotFoundException + */ + public static final PrivilegedExceptionAction newFileOutputStreamAction( + final File f) throws FileNotFoundException { + return new PrivilegedExceptionAction() { + public Object run() throws FileNotFoundException { + return new FileOutputStream(f); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for new FileOutputStream(). + * + * Requires security policy: + * 'permission java.io.FilePermission "write";' + * + * @return FileOutputStream + * @throws FileNotFoundException + */ + public static final PrivilegedExceptionAction newFileOutputStreamAction( + final String f, final boolean append) throws FileNotFoundException { + return new PrivilegedExceptionAction() { + public Object run() throws FileNotFoundException { + return new FileOutputStream(f, append); + } + }; + } + + /** + * Return a PrivilegeAction object for System.getProperties(). + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + * + * @return Properties + */ + public static final PrivilegedAction getPropertiesAction() { + return new PrivilegedAction() { + public Object run() { + return System.getProperties(); + } + }; + } + + /** + * Return a PrivilegeAction object for System.getProperty(). + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + * + * @return String + */ + public static final PrivilegedAction getPropertyAction(final String name) { + return new PrivilegedAction() { + public Object run() { + return System.getProperty(name); + } + }; + } + + /** + * Return a PrivilegeAction object for Thread.currentThread + * .getContextClassLoader(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return ClassLoader + */ + public static final PrivilegedAction getContextClassLoaderAction() { + return new PrivilegedAction() { + public Object run() { + return Thread.currentThread().getContextClassLoader(); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for url.openStream(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return InputStream + * @throws IOException + */ + public static final PrivilegedExceptionAction openStreamAction( + final URL url) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return url.openStream(); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object con.getContent(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Object + * @throws IOException + */ + public static final PrivilegedExceptionAction getContentAction( + final URLConnection con) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return con.getContent(); + } + }; + } + + /** + * Return a PrivilegeAction object for new serp.bytecode.Code(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return serp.bytecode.Code + */ + public static final PrivilegedAction newCodeAction() { + return new PrivilegedAction() { + public Object run() { + return new Code(); + } + }; + } + + /** + * Return a PrivilegeAction object for bcClass.isInstanceOf(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return Boolean + */ + public static final PrivilegedAction isInstanceOfAction( + final BCClass bcClass, final Class clazz) { + return new PrivilegedAction() { + public Object run() { + return bcClass.isInstanceOf(clazz) ? Boolean.TRUE + : Boolean.FALSE; + } + }; + } +} Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/concurrent/Utils.java (working copy) @@ -31,6 +31,8 @@ import java.util.Collection; import java.util.Iterator; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * This class groups together the functionality of java.util.concurrent that * cannot be fully and reliably implemented in backport, but for which some @@ -53,15 +55,12 @@ static { NanoTimer timer = null; try { - String nanoTimerClassName = (String) - AccessController.doPrivileged(new PrivilegedAction() { - public Object run() { - return System.getProperty(providerProp); - } - }); + String nanoTimerClassName = (String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction(providerProp)); if (nanoTimerClassName != null) { Class cls = Class.forName(nanoTimerClassName); - timer = (NanoTimer) cls.newInstance(); + timer = (NanoTimer) AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(cls)); } } catch (Exception e) { System.err.println( Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/MultiClassLoader.java (working copy) @@ -20,6 +20,8 @@ import java.io.IOException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Enumeration; import java.util.Iterator; @@ -46,7 +48,8 @@ * The standard system class loader. */ public static final ClassLoader SYSTEM_LOADER = - ClassLoader.getSystemClassLoader(); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getSystemClassLoaderAction()); private List _loaders = new ArrayList(5); @@ -82,7 +85,8 @@ for (int i = 0; i < loaders.length; i++) { loader = (ClassLoader) itr.next(); if (loader == THREAD_LOADER) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); loaders[i] = loader; } return loaders; @@ -94,7 +98,8 @@ public ClassLoader getClassLoader(int index) { ClassLoader loader = (ClassLoader) _loaders.get(index); if (loader == THREAD_LOADER) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); return loader; } @@ -201,7 +206,8 @@ for (Iterator itr = _loaders.iterator(); itr.hasNext();) { loader = (ClassLoader) itr.next(); if (loader == THREAD_LOADER) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); try { return Class.forName(name, false, loader); } catch (Throwable t) { @@ -216,12 +222,14 @@ for (Iterator itr = _loaders.iterator(); itr.hasNext();) { loader = (ClassLoader) itr.next(); if (loader == THREAD_LOADER) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); if (loader == null) // skip continue; - rsrc = loader.getResource(name); + rsrc = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, name)); if (rsrc != null) return rsrc; } @@ -236,14 +244,21 @@ for (Iterator itr = _loaders.iterator(); itr.hasNext();) { loader = (ClassLoader) itr.next(); if (loader == THREAD_LOADER) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); + - rsrcs = loader.getResources(name); - while (rsrcs.hasMoreElements()) { - rsrc = rsrcs.nextElement(); - if (!all.contains(rsrc)) - all.addElement(rsrc); - } + try { + rsrcs = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction(loader, name)); + while (rsrcs.hasMoreElements()) { + rsrc = rsrcs.nextElement(); + if (!all.contains(rsrc)) + all.addElement(rsrc); + } + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } return all.elements(); } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/StreamResourceBundleProvider.java (working copy) @@ -20,6 +20,7 @@ import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; import java.util.Locale; import java.util.PropertyResourceBundle; import java.util.ResourceBundle; @@ -37,7 +38,8 @@ ClassLoader loader) { String rsrc = name.replace('.', '/') + ".properties"; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); InputStream in = loader.getResourceAsStream(rsrc); if (in != null) { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ZipResourceBundleProvider.java (working copy) @@ -20,6 +20,7 @@ import java.io.IOException; import java.io.InputStream; +import java.security.AccessController; import java.util.Locale; import java.util.PropertyResourceBundle; import java.util.ResourceBundle; @@ -39,7 +40,8 @@ ClassLoader loader) { String rsrc = name.replace('.', '/') + ".properties"; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); InputStream in = loader.getResourceAsStream(rsrc); if (in == null) Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Localizer.java (working copy) @@ -18,6 +18,7 @@ */ package org.apache.openjpa.lib.util; +import java.security.AccessController; import java.text.MessageFormat; import java.util.Arrays; import java.util.Collection; @@ -99,7 +100,8 @@ return loc; else { loc = new Localizer(pkg, file, locale, - cls == null ? null : cls.getClassLoader()); + cls == null ? null:(ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(cls))); _localizers.put(key, loc); return loc; } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Options.java (working copy) @@ -22,6 +22,8 @@ import java.lang.reflect.Field; import java.lang.reflect.Member; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Collection; import java.util.Iterator; import java.util.LinkedList; @@ -31,6 +33,7 @@ import java.util.TreeSet; import org.apache.commons.lang.StringUtils; + import serp.util.Strings; /** @@ -363,7 +366,12 @@ // inner instance and set it in object if (inner == null && setter != null) { Class innerType = getType(setter)[0]; - inner = innerType.newInstance(); + try { + inner = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(innerType)); + } catch( PrivilegedActionException pae ) { + throw pae.getException(); + } invoke(match[0], setter, new Object[]{ inner }); } match[0] = inner; @@ -444,7 +452,12 @@ } if (!type.isAssignableFrom(subType)) throw err; - return subType.newInstance(); + try { + return AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(subType)); + } catch( PrivilegedActionException pae ) { + throw pae.getException(); + } } /** Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Files.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Files.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Files.java (working copy) @@ -22,6 +22,7 @@ import java.io.BufferedOutputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileWriter; import java.io.IOException; @@ -30,6 +31,8 @@ import java.io.Writer; import java.net.URL; import java.net.URLDecoder; +import java.security.AccessController; +import java.security.PrivilegedActionException; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.exception.NestableRuntimeException; @@ -48,13 +51,17 @@ * the file does not exist or a backup could not be created, returns null. */ public static File backup(File file, boolean copy) { - if (file == null || !file.exists()) + if (file == null || !((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) return null; // create new file object copy so we don't modify the original - File clone = new File(file.getAbsolutePath()); - File bk = new File(file.getAbsolutePath() + "~"); - if (!clone.renameTo(bk)) + String aPath = (String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( file )); + File clone = new File(aPath); + File bk = new File(aPath + "~"); + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.renameToAction( clone, bk ))).booleanValue()) return null; if (copy) { try { @@ -76,14 +83,17 @@ return null; if (!backup.getName().endsWith("~")) backup = new File(backup.getPath() + "~"); - if (!backup.exists()) + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( backup ))).booleanValue()) return null; // create new file object copy so we don't modify the original - String path = backup.getAbsolutePath(); + String path = (String)AccessController.doPrivileged( + J2DoPrivHelper.getAbsolutePathAction( backup )); File clone = new File(path); File orig = new File(path.substring(0, path.length() - 1)); - if (!clone.renameTo(orig)) + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.renameToAction( clone, orig ))).booleanValue()) return null; if (copy) { try { @@ -122,7 +132,8 @@ if (innerIdx != -1) name = name.substring(0, innerIdx); - URL rsrc = cls.getResource(name + ext); + URL rsrc = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(cls, name + ext)); if (rsrc != null && rsrc.getProtocol().equals("file")) return new File(URLDecoder.decode(rsrc.getFile())); return null; @@ -137,26 +148,34 @@ */ public static File getPackageFile(File base, String pkg, boolean mkdirs) { if (base == null) - base = new File(System.getProperty("user.dir")); + base = new File((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction("user.dir"))); if (StringUtils.isEmpty(pkg)) { - if (mkdirs && !base.exists()) - base.mkdirs(); + if (mkdirs && !((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( base ))).booleanValue()) + AccessController.doPrivileged( + J2DoPrivHelper.mkdirsAction( base )); return base; } pkg = pkg.replace('.', File.separatorChar); File file = null; try { - if (base.getCanonicalPath().endsWith(pkg)) + if (((String)AccessController.doPrivileged( + J2DoPrivHelper.getCanonicalPathAction( base ))).endsWith(pkg)) file = base; else file = new File(base, pkg); + } catch( PrivilegedActionException pae ) { + throw new NestableRuntimeException( + (IOException)pae.getException()); } catch (IOException ioe) { throw new NestableRuntimeException(ioe); } - if (mkdirs && !file.exists()) - file.mkdirs(); + if (mkdirs && !((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) + AccessController.doPrivileged(J2DoPrivHelper.mkdirsAction( file )); return file; } @@ -176,17 +195,21 @@ return null; File file = new File(name); - if (file.exists()) + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) return file; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); - URL url = loader.getResource(name); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); + URL url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, name)); if (url != null) { String urlFile = url.getFile(); if (urlFile != null) { File rsrc = new File(URLDecoder.decode(urlFile)); - if (rsrc.exists()) + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( rsrc ))).booleanValue()) return rsrc; } } @@ -231,7 +254,11 @@ if ("stderr".equals(file)) return System.err; try { - return new FileOutputStream(getFile(file, loader)); + return (FileOutputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileOutputStreamAction( + getFile(file, loader))); + } catch( PrivilegedActionException pae ) { + throw new NestableRuntimeException(pae.getException()); } catch (IOException ioe) { throw new NestableRuntimeException(ioe); } @@ -241,19 +268,25 @@ * Copy a file. Return false if from does not exist. */ public static boolean copy(File from, File to) throws IOException { - if (from == null || to == null || !from.exists()) + if (from == null || to == null || + !((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( from ))).booleanValue()) return false; FileInputStream in = null; FileOutputStream out = null; try { - in = new FileInputStream(from); + in = (FileInputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileInputStreamAction(from)); BufferedInputStream inbuf = new BufferedInputStream(in); - out = new FileOutputStream(to); + out = (FileOutputStream) AccessController.doPrivileged( + J2DoPrivHelper.newFileOutputStreamAction(to)); BufferedOutputStream outbuf = new BufferedOutputStream(out); for (int b; (b = inbuf.read()) != -1; outbuf.write(b)) ; outbuf.flush(); return true; + } catch( PrivilegedActionException pae ) { + throw (FileNotFoundException)pae.getException(); } finally { if (in != null) try { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/FormatPreservingProperties.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/FormatPreservingProperties.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/FormatPreservingProperties.java (working copy) @@ -578,7 +578,7 @@ } public void append(String newline) { - line.append(System.getProperty("line.separator")); + line.append(J2DoPrivHelper.getLineSeparator()); line.append(newline); } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/JavaVersions.java (working copy) @@ -20,6 +20,7 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; +import java.security.AccessController; /** * Utilities for dealing with different Java spec versions. @@ -45,7 +46,8 @@ private static Method INIT_CAUSE = null; static { - String specVersion = System.getProperty("java.specification.version"); + String specVersion = (String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction("java.specification.version")); if ("1.2".equals(specVersion)) VERSION = 2; else if ("1.3".equals(specVersion)) Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/ParameterTemplate.java (working copy) @@ -29,6 +29,7 @@ import java.io.OutputStreamWriter; import java.io.Reader; import java.io.Writer; +import java.security.AccessController; import java.util.HashMap; import java.util.Map; @@ -45,7 +46,7 @@ */ public class ParameterTemplate { - private static final String SEP = System.getProperty("line.separator"); + private static final String SEP = J2DoPrivHelper.getLineSeparator(); private final StringBuffer _buf = new StringBuffer(); private final Map _params = new HashMap(); @@ -210,7 +211,8 @@ if (_params.containsKey(param.toString())) copy.append(_params.get(param.toString())); else - copy.append(System.getProperty(param.toString())); + copy.append((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction(param.toString()))); param = null; } else if (param != null) param.append(ch); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/Services.java (working copy) @@ -23,6 +23,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.net.URL; +import java.security.AccessController; import java.util.ArrayList; import java.util.Enumeration; import java.util.List; @@ -84,11 +85,13 @@ public static String[] getImplementors(String serviceName, ClassLoader loader) { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); try { Set resourceList = new TreeSet(); - Enumeration resources = loader.getResources(PREFIX + serviceName); + Enumeration resources = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction(loader, PREFIX + serviceName)); while (resources.hasMoreElements()) addResources((URL) resources.nextElement(), resourceList); @@ -175,7 +178,8 @@ public static Class[] getImplementorClasses(String serviceName, ClassLoader loader, boolean skipMissing) throws ClassNotFoundException { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); String[] names = getImplementors(serviceName, loader); if (names == null) Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/CodeFormat.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/CodeFormat.java (revision 548475) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/CodeFormat.java (working copy) @@ -26,7 +26,7 @@ */ public final class CodeFormat implements Cloneable { - private static final String _sep = System.getProperty("line.separator"); + private static final String _sep = J2DoPrivHelper.getLineSeparator(); private String _tab = "\t"; private boolean _spaceBeforeParen = false; Index: openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java =================================================================== --- openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java (revision 548475) +++ openjpa-xmlstore/src/main/java/org/apache/openjpa/xmlstore/XMLFileHandler.java (working copy) @@ -30,6 +30,7 @@ import java.lang.reflect.Constructor; import java.math.BigDecimal; import java.math.BigInteger; +import java.security.AccessController; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -45,6 +46,7 @@ import org.xml.sax.helpers.DefaultHandler; import org.apache.openjpa.enhance.PCRegistry; import org.apache.openjpa.lib.util.Base16Encoder; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.xml.XMLFactory; import org.apache.openjpa.lib.xml.XMLWriter; import org.apache.openjpa.meta.ClassMetaData; @@ -78,7 +80,10 @@ */ public Collection load(ClassMetaData meta) { File f = getFile(meta); - if (!f.exists() || f.length() == 0) + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( f ))).booleanValue() || + ((Long)AccessController.doPrivileged( + J2DoPrivHelper.lengthAction( f ))).longValue() == 0) return Collections.EMPTY_SET; try { return read(f); @@ -128,8 +133,10 @@ throw new InternalException(); File f = getFile(meta); - if (!f.getParentFile().exists()) - f.getParentFile().mkdirs(); + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( f.getParentFile() ))).booleanValue()) + AccessController.doPrivileged( + J2DoPrivHelper.mkdirsAction( f.getParentFile() )); FileWriter fw = null; try { Index: openjpa-kernel/src/main/java/org/apache/openjpa/abstractstore/AbstractStoreBrokerFactory.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/abstractstore/AbstractStoreBrokerFactory.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/abstractstore/AbstractStoreBrokerFactory.java (working copy) @@ -18,6 +18,7 @@ */ package org.apache.openjpa.abstractstore; +import java.security.AccessController; import java.util.Map; import java.util.Properties; @@ -29,6 +30,7 @@ import org.apache.openjpa.lib.conf.ConfigurationProvider; import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.conf.ProductDerivations; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.UserException; @@ -131,7 +133,9 @@ private static AbstractStoreManager createStoreManager(String cls, String props) { AbstractStoreManager store = (AbstractStoreManager) Configurations. - newInstance(cls, AbstractStoreManager.class.getClassLoader()); + newInstance(cls, (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + AbstractStoreManager.class))); Configurations.configureInstance(store, null, props, PROP_ABSTRACT_STORE); if (store == null) Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/AbstractBrokerFactory.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/AbstractBrokerFactory.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/AbstractBrokerFactory.java (working copy) @@ -38,6 +38,7 @@ import org.apache.openjpa.enhance.PCRegistry; import org.apache.openjpa.event.RemoteCommitEventManager; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.ReferenceHashSet; import org.apache.openjpa.lib.util.concurrent.ConcurrentHashMap; @@ -517,7 +518,7 @@ log.info(getFactoryInitializationBanner()); if (log.isTraceEnabled()) { Map props = _conf.toProperties(true); - String lineSep = System.getProperty("line.separator"); + String lineSep = J2DoPrivHelper.getLineSeparator(); StringBuffer buf = new StringBuffer(); Map.Entry entry; for (Iterator itr = props.entrySet().iterator(); Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Bootstrap.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Bootstrap.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Bootstrap.java (working copy) @@ -20,11 +20,13 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.security.AccessController; import org.apache.openjpa.conf.BrokerFactoryValue; import org.apache.openjpa.lib.conf.ConfigurationProvider; import org.apache.openjpa.lib.conf.MapConfigurationProvider; import org.apache.openjpa.lib.conf.ProductDerivations; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.InternalException; import org.apache.openjpa.util.OpenJPAException; @@ -113,7 +115,9 @@ } catch (NoSuchMethodException nsme) { // handle cases where there is a mismatch between loaders by falling // back to the configuration's class loader for broker resolution - cls = getFactoryClass(conf, conf.getClass().getClassLoader()); + cls = getFactoryClass(conf, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(conf.getClass()))); meth = cls.getMethod(methodName, FACTORY_ARGS); } @@ -135,7 +139,8 @@ private static Class getFactoryClass(ConfigurationProvider conf, ClassLoader loader) { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); Object cls = BrokerFactoryValue.get(conf); if (cls instanceof Class) Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/jpql/JPQLExpressionBuilder.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/jpql/JPQLExpressionBuilder.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/jpql/JPQLExpressionBuilder.java (working copy) @@ -22,6 +22,7 @@ import java.io.Serializable; import java.lang.reflect.Field; import java.math.BigDecimal; +import java.security.AccessController; import java.util.Arrays; import java.util.Collection; import java.util.HashSet; @@ -43,6 +44,7 @@ import org.apache.openjpa.kernel.exps.QueryExpressions; import org.apache.openjpa.kernel.exps.Subquery; import org.apache.openjpa.kernel.exps.Value; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.FieldMetaData; Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Filters.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Filters.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/Filters.java (working copy) @@ -18,10 +18,11 @@ */ package org.apache.openjpa.kernel; -import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.math.BigDecimal; import java.math.BigInteger; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Calendar; import java.util.Collection; @@ -31,10 +32,10 @@ import org.apache.openjpa.enhance.Reflection; import org.apache.openjpa.kernel.exps.AggregateListener; import org.apache.openjpa.kernel.exps.FilterListener; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.JavaTypes; -import org.apache.openjpa.util.ImplHelper; import org.apache.openjpa.util.InternalException; import org.apache.openjpa.util.UserException; import serp.util.Numbers; @@ -746,9 +747,12 @@ Exception cause = null; if (hint instanceof String) { try { - return (AggregateListener) Class.forName((String) hint, true, - loader).newInstance(); + return (AggregateListener) AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + Class.forName((String) hint, true, loader))); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); cause = e; } } @@ -781,10 +785,13 @@ AggregateListener[] aggs = new AggregateListener[clss.length]; try { for (int i = 0; i < clss.length; i++) - aggs[i] = (AggregateListener) Class.forName(clss[i], true, - loader).newInstance(); + aggs[i] = (AggregateListener)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + Class.forName(clss[i], true, loader))); return aggs; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); cause = e; } } @@ -806,9 +813,12 @@ Exception cause = null; if (hint instanceof String) { try { - return (FilterListener) Class.forName((String) hint, true, - loader).newInstance(); + return (FilterListener)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + Class.forName((String) hint, true, loader))); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); cause = e; } } @@ -840,10 +850,13 @@ FilterListener[] filts = new FilterListener[clss.length]; try { for (int i = 0; i < clss.length; i++) - filts[i] = (FilterListener) Class.forName(clss[i], true, - loader).newInstance(); + filts[i] = (FilterListener)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + Class.forName(clss[i], true, loader))); return filts; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); cause = e; } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ObjectIdStateManager.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ObjectIdStateManager.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ObjectIdStateManager.java (working copy) @@ -22,12 +22,14 @@ import java.io.ObjectOutput; import java.lang.reflect.Field; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.BitSet; -import org.apache.commons.lang.StringUtils; import org.apache.openjpa.enhance.PersistenceCapable; import org.apache.openjpa.enhance.StateManager; import org.apache.openjpa.enhance.Reflection; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.FieldMetaData; import org.apache.openjpa.meta.JavaTypes; @@ -710,8 +712,12 @@ private void setValue(int field, Object val, boolean forceInst) { if (_oid == null && forceInst) { try { - _oid = getMetaData().getDescribedType().newInstance(); + _oid = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction( + getMetaData().getDescribedType())); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new GeneralException(e); } } else if (_oid == null) Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryImpl.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryImpl.java (working copy) @@ -19,6 +19,7 @@ package org.apache.openjpa.kernel; import java.io.Serializable; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -45,6 +46,7 @@ import org.apache.openjpa.lib.rop.RangeResultObjectProvider; import org.apache.openjpa.lib.rop.ResultList; import org.apache.openjpa.lib.rop.ResultObjectProvider; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.ReferenceHashSet; import org.apache.openjpa.lib.util.concurrent.ReentrantLock; @@ -1555,7 +1557,8 @@ // first check the aliases map in the MetaDataRepository ClassLoader loader = (_class == null) ? _loader - : _class.getClassLoader(); + : (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(_class)); ClassMetaData meta = _broker.getConfiguration(). getMetaDataRepositoryInstance().getMetaData(name, loader, false); if (meta != null) Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/BrokerImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/BrokerImpl.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/BrokerImpl.java (working copy) @@ -20,6 +20,7 @@ import java.io.Serializable; import java.lang.reflect.Modifier; +import java.security.AccessController; import java.util.AbstractCollection; import java.util.ArrayList; import java.util.BitSet; @@ -62,6 +63,7 @@ import org.apache.openjpa.event.TransactionEventManager; import org.apache.openjpa.kernel.exps.ExpressionParser; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.ReferenceHashMap; import org.apache.openjpa.lib.util.ReferenceHashSet; @@ -256,7 +258,8 @@ public void initialize(AbstractBrokerFactory factory, DelegatingStoreManager sm, boolean managed, int connMode) { _initializeWasInvoked = true; - _loader = Thread.currentThread().getContextClassLoader(); + _loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); _jca = new JCAHelper(); _conf = factory.getConfiguration(); _compat = _conf.getCompatibilityInstance(); @@ -4131,7 +4134,9 @@ // 1.5 doesn't initialize classes without a true Class.forName if (!PCRegistry.isRegistered(cls)) { try { - Class.forName(cls.getName(), true, cls.getClassLoader()); + Class.forName(cls.getName(), true, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(cls))); } catch (Throwable t) { } } @@ -4270,8 +4275,12 @@ if (intfs[i].getName().equals(PersistenceCapable.class.getName())) { throw new UserException(_loc.get("pc-loader-different", Exceptions.toString(obj), - PersistenceCapable.class.getClassLoader(), - intfs[i].getClassLoader())).setFailedObject(obj); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + PersistenceCapable.class)), + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(intfs[i])))) + .setFailedObject(obj); } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ResultPacker.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ResultPacker.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/ResultPacker.java (working copy) @@ -24,6 +24,8 @@ import java.lang.reflect.Method; import java.math.BigDecimal; import java.math.BigInteger; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Arrays; import java.util.Calendar; import java.util.Date; @@ -34,6 +36,7 @@ import java.util.Set; import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.OpenJPAException; import org.apache.openjpa.util.UserException; @@ -231,7 +234,8 @@ if (_constructor != null) return _constructor.newInstance(result); - Object user = _resultClass.newInstance(); + Object user = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(_resultClass)); for (int i = 0; i < _aliases.length; i++) { if (_sets[i] instanceof Method) { Method meth = (Method) _sets[i]; @@ -248,6 +252,9 @@ return user; } catch (OpenJPAException ke) { throw ke; + } catch( PrivilegedActionException pae ) { + throw new UserException(_loc.get("pack-instantiation-err", + _resultClass), pae.getException()); } catch (InstantiationException ie) { throw new UserException(_loc.get("pack-instantiation-err", _resultClass), ie); Index: openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryLanguages.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryLanguages.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/kernel/QueryLanguages.java (working copy) @@ -18,10 +18,13 @@ */ package org.apache.openjpa.kernel; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.HashMap; import java.util.Map; import org.apache.openjpa.kernel.exps.ExpressionParser; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Services; import org.apache.openjpa.util.InternalException; @@ -37,11 +40,16 @@ static { // Load and cache all the query languages available in the system. Class[] classes = Services.getImplementorClasses( - ExpressionParser.class, ExpressionParser.class.getClassLoader()); + ExpressionParser.class, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(ExpressionParser.class))); for (int i = 0; i < classes.length; i++) { ExpressionParser ep; try { - ep = (ExpressionParser) classes[i].newInstance(); + ep = (ExpressionParser)AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(classes[i])); + } catch( PrivilegedActionException pae ) { + throw new InternalException(pae.getException()); } catch (InstantiationException e) { throw new InternalException(e); } catch (IllegalAccessException e) { Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java (working copy) @@ -19,8 +19,10 @@ package org.apache.openjpa.enhance; import java.lang.reflect.Constructor; +import java.security.AccessController; import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.meta.JavaTypes; import org.apache.openjpa.util.InternalException; import serp.bytecode.BCClass; @@ -95,7 +97,8 @@ // the project/classloader for the classes. private final Project _project = new Project(); private final BCClassLoader _loader = new BCClassLoader(_project, - DynamicStorage.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(DynamicStorage.class))); /** * Generate a generic {@link DynamicStorage} instance with the given Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java (working copy) @@ -30,6 +30,8 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -50,6 +52,7 @@ import org.apache.openjpa.lib.meta.ClassArgParser; import org.apache.openjpa.lib.util.BytecodeWriter; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.Services; @@ -130,11 +133,13 @@ static { Class[] classes = Services.getImplementorClasses( AuxiliaryEnhancer.class, - AuxiliaryEnhancer.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(AuxiliaryEnhancer.class))); List auxEnhancers = new ArrayList(classes.length); for (int i = 0; i < classes.length; i++) { try { - auxEnhancers.add(classes[i].newInstance()); + auxEnhancers.add(AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(classes[i]))); } catch (Throwable t) { // aux enhancer may rely on non-existant spec classes, etc } @@ -479,8 +484,9 @@ * Package-protected and static for testing. */ static BCField getReturnedField(BCMethod meth) { - return findField(meth, new Code().xreturn().setType - (meth.getReturnType()), false); + return findField(meth, ((Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction())).xreturn() + .setType(meth.getReturnType()), false); } /** @@ -488,7 +494,8 @@ * Package-protected and static for testing. */ static BCField getAssignedField(BCMethod meth) { - return findField(meth, new Code().putfield(), true); + return findField(meth, ((Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction())).putfield(), true); } /** @@ -567,7 +574,7 @@ if (_violations == null) return; - String sep = System.getProperty("line.separator"); + String sep = J2DoPrivHelper.getLineSeparator(); StringBuffer buf = new StringBuffer(); for (Iterator itr = _violations.iterator(); itr.hasNext();) { buf.append(itr.next()); @@ -589,7 +596,8 @@ */ private void replaceAndValidateFieldAccess() { // create template putfield/getfield instructions to search for - Code template = new Code(); + Code template = (Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction()); Instruction put = template.putfield(); Instruction get = template.getfield(); Instruction stat = template.invokestatic(); @@ -1193,51 +1201,73 @@ */ private void addStockMethods() throws NoSuchMethodException { - // pcGetGenericContext - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("get" + CONTEXTNAME, (Class[]) null)); - - // pcFetchObjectId - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("fetchObjectId", (Class[]) null)); - - // pcIsDeleted - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("isDeleted", (Class[]) null)); - - // pcIsDirty - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("isDirty", (Class[]) null)); - - // pcIsNew - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("isNew", (Class[]) null)); - - // pcIsPersistent - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("isPersistent", (Class[]) null)); - - // pcIsTransactional - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("isTransactional", (Class[]) null)); - - // pcSerializing - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod - ("serializing", (Class[]) null)); - - // pcDirty - translateFromStateManagerMethod(SMTYPE.getDeclaredMethod("dirty", - new Class[]{ String.class })); - - // pcGetStateManager - BCMethod meth = _pc.declareMethod(PRE + "GetStateManager", - StateManager.class, null); - Code code = meth.getCode(true); - loadManagedInstance(code, false); - code.getfield().setField(SM, StateManager.class); - code.areturn(); - code.calculateMaxStack(); - code.calculateMaxLocals(); + try { + // pcGetGenericContext + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "get" + CONTEXTNAME, (Class[]) null))); + + // pcFetchObjectId + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "fetchObjectId", (Class[]) null))); + + // pcIsDeleted + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "isDeleted", (Class[]) null))); + + // pcIsDirty + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "isDirty", (Class[]) null))); + + // pcIsNew + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "isNew", (Class[]) null))); + + // pcIsPersistent + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "isPersistent", (Class[]) null))); + + // pcIsTransactional + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "isTransactional", (Class[]) null))); + + // pcSerializing + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "serializing", (Class[]) null))); + + // pcDirty + translateFromStateManagerMethod( + (Method)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + SMTYPE, "dirty", new Class[]{ String.class }))); + + // pcGetStateManager + BCMethod meth = _pc.declareMethod(PRE + "GetStateManager", + StateManager.class, null); + Code code = meth.getCode(true); + loadManagedInstance(code, false); + code.getfield().setField(SM, StateManager.class); + code.areturn(); + code.calculateMaxStack(); + code.calculateMaxLocals(); + } catch( PrivilegedActionException pae ) { + throw (NoSuchMethodException)pae.getException(); + } } /** @@ -2160,7 +2190,15 @@ // use reflection to return the right method String name = prefix + typeName + "Field"; Class[] params = (Class[]) plist.toArray(new Class[plist.size()]); - return owner.getDeclaredMethod(name, params); + + Method method = null; + try { + method = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction(owner, name, params)); + } catch( PrivilegedActionException pae ) { + throw (NoSuchMethodException)pae.getException(); + } + return method; } /** @@ -2459,7 +2497,8 @@ code.vreturn(); } - Instruction tmplate = new Code().vreturn(); + Instruction tmplate = ((Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction())).vreturn(); JumpInstruction toret; Instruction ret; code.beforeFirst(); @@ -2727,7 +2766,8 @@ if (clinit != null) { code = clinit.getCode(true); if (replaceLast) { - Code template = new Code(); + Code template = (Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction()); code.searchForward(template.vreturn()); code.previous(); code.set(template.nop()); @@ -2768,7 +2808,9 @@ if (clone == null) { // add clone support for base classes // which also implement cloneable - if (!_pc.isInstanceOf(Cloneable.class) + if (!((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.isInstanceOfAction( _pc, Cloneable.class ))) + .booleanValue() || !superName.equals(Object.class.getName())) return; @@ -2796,8 +2838,9 @@ } // create template super.clone () instruction to match against - Instruction template = new Code().invokespecial().setMethod - (superName, "clone", Object.class.getName(), null); + Instruction template = ((Code)AccessController.doPrivileged( + J2DoPrivHelper.newCodeAction())).invokespecial() + .setMethod(superName, "clone", Object.class.getName(), null); // find calls to the template instruction; on match // clone will be on stack Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java (working copy) @@ -23,8 +23,10 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.GeneralException; import org.apache.openjpa.util.UserException; @@ -116,7 +118,8 @@ */ private static Method getDeclaredMethod(Class cls, String name, Class param) { - Method[] methods = cls.getDeclaredMethods(); + Method[] methods = (Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( cls )); for (int i = 0 ; i < methods.length; i++) { if (name.equals(methods[i].getName())) { Class[] methodParams = methods[i].getParameterTypes(); @@ -160,7 +163,8 @@ * @since 0.9.8 */ private static Field getDeclaredField(Class cls, String name) { - Field[] fields = cls.getDeclaredFields(); + Field[] fields = (Field[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldsAction( cls )); for (int i = 0 ; i < fields.length; i++) { if (name.equals(fields[i].getName())) return fields[i]; Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java (working copy) @@ -24,6 +24,7 @@ import java.io.PrintWriter; import java.io.Writer; import java.lang.reflect.Modifier; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -44,6 +45,7 @@ import org.apache.openjpa.lib.meta.ClassArgParser; import org.apache.openjpa.lib.util.CodeFormat; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; @@ -438,8 +440,8 @@ // indent the entire code block one level to make it // a propertly indented innder class _code = code.getTab() + Strings.replace(_code, - System.getProperty("line.separator"), - System.getProperty("line.separator") + code.getTab()); + J2DoPrivHelper.getLineSeparator(), + J2DoPrivHelper.getLineSeparator() + code.getTab()); } return true; @@ -1417,9 +1419,11 @@ name = Strings.getPackageName(context) + "." + name; // first try with regular class loader - ClassLoader loader = context.getClassLoader(); + ClassLoader loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(context)); if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); try { return Class.forName(name, false, loader); } catch (Throwable t) { Index: openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java (working copy) @@ -23,8 +23,10 @@ import java.io.ObjectInput; import java.io.ObjectOutput; import java.lang.reflect.Method; +import java.security.AccessController; import java.util.Arrays; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.UserException; @@ -101,7 +103,8 @@ protected static Method getMethod(Class cls, String method, Class[] args) { Class currentClass = cls; do { - Method[] methods = currentClass.getDeclaredMethods(); + Method[] methods = (Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( currentClass )); for (int i = 0; i < methods.length; i++) { if (!method.equals(methods[i].getName())) continue; Index: openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java (working copy) @@ -22,7 +22,10 @@ import java.io.ObjectInput; import java.io.ObjectOutput; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.UserException; @@ -60,8 +63,11 @@ private Object newListener(Class cls) { try { - return cls.newInstance(); + return AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(cls)); } catch (Throwable t) { + if (t instanceof PrivilegedActionException) + t = ((PrivilegedActionException )t).getException(); throw new UserException(_loc.get("bean-constructor", cls.getName()), t); } Index: openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAVersion.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAVersion.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/conf/OpenJPAVersion.java (working copy) @@ -20,9 +20,12 @@ import java.io.File; import java.io.InputStream; +import java.security.AccessController; import java.util.Properties; import java.util.StringTokenizer; +import org.apache.openjpa.lib.util.J2DoPrivHelper; + /** * This class contains version information for OpenJPA. It uses * Ant's filter tokens to convert the template into a java @@ -110,7 +113,9 @@ buf.append("java.class.path:\n"); StringTokenizer tok = new StringTokenizer - (System.getProperty("java.class.path"), File.pathSeparator); + ((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction("java.class.path")), + File.pathSeparator); while (tok.hasMoreTokens()) { buf.append("\t").append(tok.nextToken()); buf.append("\n"); @@ -132,6 +137,8 @@ } private StringBuffer appendProperty(String prop, StringBuffer buf) { - return buf.append(prop).append(": ").append(System.getProperty(prop)); + return buf.append(prop).append(": ") + .append((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction(prop))); } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/FieldMetaData.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/FieldMetaData.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/FieldMetaData.java (working copy) @@ -28,6 +28,8 @@ import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Calendar; import java.util.Collection; @@ -50,6 +52,7 @@ import org.apache.openjpa.kernel.StoreContext; import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; @@ -1213,7 +1216,8 @@ try { if (val == null && getNullValue() == NULL_DEFAULT) - return getDeclaredType().newInstance(); + return AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(getDeclaredType())); // invoke either the constructor for the field type, // or the static type.toField(val[, ctx]) method @@ -1246,6 +1250,8 @@ if (e instanceof OpenJPAException) throw (OpenJPAException) e; + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new MetaDataException(_loc.get("factory-err", this, Exceptions.toString(val), e.toString())).setCause(e); } @@ -1956,23 +1962,24 @@ String memberName = (String) in.readObject(); try { if (isField) - _member = cls.getDeclaredField(memberName); + _member = (Field) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldAction( + cls,memberName)); else { Class[] parameterTypes = (Class[]) in.readObject(); - _member = cls.getDeclaredMethod(memberName, parameterTypes); + _member = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + cls, memberName, parameterTypes)); } } catch (SecurityException e) { IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe; - } catch (NoSuchFieldException e) { - IOException ioe = new IOException(e.getMessage()); - ioe.initCause(e); + } catch( PrivilegedActionException pae ) { + IOException ioe = new IOException( + pae.getException().getMessage()); + ioe.initCause(pae); throw ioe; - } catch (NoSuchMethodException e) { - IOException ioe = new IOException(e.getMessage()); - ioe.initCause(e); - throw ioe; } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java (working copy) @@ -20,6 +20,8 @@ import java.lang.reflect.Method; import java.io.ByteArrayInputStream; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -28,6 +30,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.openjpa.enhance.PCEnhancer; import org.apache.openjpa.util.InternalException; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import serp.bytecode.BCClass; import serp.bytecode.BCClassLoader; @@ -74,7 +77,8 @@ if (impl != null) return impl; - ClassLoader parentLoader = iface.getClassLoader(); + ClassLoader parentLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(iface)); BCClassLoader loader = new BCClassLoader(_project, parentLoader); BCClassLoader enhLoader = new BCClassLoader(_enhProject, parentLoader); BCClass bc = _project.loadClass(getClassName(meta)); @@ -82,8 +86,10 @@ ClassMetaData sup = meta.getPCSuperclassMetaData(); if (sup != null) { bc.setSuperclass(sup.getInterfaceImpl()); - enhLoader = new BCClassLoader(_enhProject, - sup.getInterfaceImpl().getClassLoader()); + enhLoader = new BCClassLoader(_enhProject, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + sup.getInterfaceImpl()))); } FieldMetaData[] fields = meta.getDeclaredFields(); @@ -164,7 +170,8 @@ */ private void invalidateNonBeanMethods(BCClass bc, Class iface, Set methods) { - Method[] meths = iface.getDeclaredMethods(); + Method[] meths = (Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( iface )); BCMethod meth; Code code; Class type = _repos.getMetaDataFactory().getDefaults(). @@ -198,9 +205,10 @@ */ private static Method getMethodSafe(Class iface, String name, Class arg) { try { - return iface.getDeclaredMethod(name, arg == null ? null : - new Class[]{arg}); - } catch (NoSuchMethodException e) { + return (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + iface, name, arg == null ? null : new Class[]{arg})); + } catch( PrivilegedActionException pae ) { throw new InternalException (_loc.get ("interface-mismatch", name)); } } @@ -209,10 +217,11 @@ if (fmd.getType() != boolean.class && fmd.getType() != Boolean.class) return true; try { - Method meth = iface.getDeclaredMethod("is" + StringUtils.capitalize - (fmd.getName()), (Class[]) null); + Method meth = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( iface, "is" + + StringUtils.capitalize(fmd.getName()), (Class[]) null)); return meth == null; - } catch (NoSuchMethodException e) {} + } catch (PrivilegedActionException pae) {} return true; } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java (working copy) @@ -20,8 +20,11 @@ import java.io.File; import java.io.IOException; +import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -47,6 +50,7 @@ import org.apache.openjpa.lib.meta.ZipFileMetaDataIterator; import org.apache.openjpa.lib.meta.ZipStreamMetaDataIterator; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.GeneralException; import org.apache.openjpa.util.UserException; @@ -93,7 +97,8 @@ File file; for (int i = 0; i < strs.length; i++) { file = new File(strs[i]); - if (file.exists()) + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) this.files.add(file); } } @@ -366,7 +371,9 @@ queries[i].setSource(defaultSourceFile(queries[i], clsNames), queries[i].getSourceScope(), queries[i].getSourceType()); - if (queries[i].getSourceFile().exists()) { + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( queries[i].getSourceFile()))) + .booleanValue()) { if (files == null) files = new HashSet(); files.add(queries[i].getSourceFile()); @@ -377,7 +384,9 @@ if (getSourceFile(seqs[i]) == null) setSourceFile(seqs[i], defaultSourceFile(seqs[i], clsNames)); - if (getSourceFile(seqs[i]).exists()) { + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction(getSourceFile(seqs[i])))) + .booleanValue()) { if (files == null) files = new HashSet(); files.add(getSourceFile(seqs[i])); @@ -403,7 +412,9 @@ if (queries[i].getSourceFile() == null) queries[i].setSource(defaultSourceFile(queries[i], clsNames), queries[i].getSourceScope(), queries[i].getSourceType()); - if (queries[i].getSourceFile().exists()) { + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( queries[i].getSourceFile() ))) + .booleanValue()) { if (files == null) files = new HashSet(); files.add(queries[i].getSourceFile()); @@ -654,9 +665,16 @@ } else if (url.getPath().endsWith(".jar")) { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-jar-at-url", url)); - scan(new ZipStreamMetaDataIterator( - new ZipInputStream(url.openStream()), - newMetaDataFilter()), cparser, names, true, url); + try { + InputStream is = (InputStream) + AccessController.doPrivileged( + J2DoPrivHelper.openStreamAction(url)); + scan(new ZipStreamMetaDataIterator( + new ZipInputStream(is), + newMetaDataFilter()), cparser, names, true, url); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } else { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-url", url)); @@ -674,14 +692,22 @@ for (Iterator itr = rsrcs.iterator(); itr.hasNext();) { rsrc = (String) itr.next(); if (rsrc.endsWith(".jar")) { - url = loader.getResource(rsrc); + url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, rsrc)); if (url != null) { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-jar-stream-url", url)); - scan(new ZipStreamMetaDataIterator - (new ZipInputStream(url.openStream()), + try { + InputStream is = (InputStream) + AccessController.doPrivileged( + J2DoPrivHelper.openStreamAction(url)); + scan(new ZipStreamMetaDataIterator + (new ZipInputStream(is), newMetaDataFilter()), cparser, names, true, url); + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); + } } } else { if (log.isTraceEnabled()) Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/ClassMetaData.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/ClassMetaData.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/ClassMetaData.java (working copy) @@ -22,6 +22,7 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -42,6 +43,7 @@ import org.apache.openjpa.enhance.Reflection; import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.meta.SourceTracker; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.xml.Commentable; import org.apache.openjpa.util.ByteId; @@ -843,7 +845,8 @@ if (getDeclaredField(field) != null) return true; if (_staticFields == null) { - Field[] fields = _type.getDeclaredFields(); + Field[] fields = (Field[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldsAction( _type )); Set names = new HashSet((int) (fields.length * 1.33 + 1)); for (int i = 0; i < fields.length; i++) if (Modifier.isStatic(fields[i].getModifiers())) Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/SequenceMetaData.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/SequenceMetaData.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/SequenceMetaData.java (working copy) @@ -20,6 +20,8 @@ import java.io.File; import java.io.Serializable; +import java.security.AccessController; +import java.security.PrivilegedActionException; import org.apache.commons.lang.StringUtils; import org.apache.openjpa.conf.SeqValue; @@ -28,6 +30,7 @@ import org.apache.openjpa.lib.conf.PluginValue; import org.apache.openjpa.lib.meta.SourceTracker; import org.apache.openjpa.lib.util.Closeable; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.xml.Commentable; import org.apache.openjpa.util.MetaDataException; @@ -252,7 +255,8 @@ String clsName = plugin.getClassName(); Class cls = Class.forName(clsName, true, - Seq.class.getClassLoader()); + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(Seq.class))); StringBuffer props = new StringBuffer(); if (plugin.getProperties() != null) props.append(plugin.getProperties()); @@ -262,7 +266,8 @@ // interface or a factory class Seq seq; if (Seq.class.isAssignableFrom(cls)) { - seq = (Seq) cls.newInstance(); + seq = (Seq) AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(cls)); Configurations.configureInstance(seq, _repos.getConfiguration(), props.toString()); seq.setType(_type); @@ -275,6 +280,8 @@ } catch (OpenJPAException ke) { throw ke; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new MetaDataException(_loc.get("cant-init-seq", _name)). setCause(e); } Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/MetaDataRepository.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/MetaDataRepository.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/MetaDataRepository.java (working copy) @@ -19,6 +19,7 @@ package org.apache.openjpa.meta; import java.io.Serializable; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -42,6 +43,7 @@ import org.apache.openjpa.lib.conf.Configuration; import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.util.Closeable; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.InternalException; import org.apache.openjpa.util.MetaDataException; @@ -398,7 +400,9 @@ // class never registers itself with the system if ((_validate & VALIDATE_RUNTIME) != 0) { try { - Class.forName(cls.getName(), true, cls.getClassLoader()); + Class.forName(cls.getName(), true, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(cls))); } catch (Throwable t) { } } @@ -976,7 +980,8 @@ if (_log.isTraceEnabled()) _log.trace(_loc.get("resolve-identity", oidClass)); - ClassLoader cl = oidClass.getClassLoader(); + ClassLoader cl = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(oidClass)); String className; while (oidClass != null && oidClass != Object.class) { className = oidClass.getName(); Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractMetaDataDefaults.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractMetaDataDefaults.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractMetaDataDefaults.java (working copy) @@ -22,11 +22,13 @@ import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; -import org.apache.commons.lang.StringUtils; import org.apache.openjpa.enhance.PCRegistry; import org.apache.openjpa.enhance.Reflection; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.InternalException; import org.apache.openjpa.util.OpenJPAException; @@ -185,7 +187,9 @@ FieldMetaData fmd; for (int i = 0; i < fieldNames.length; i ++) { if (meta.getAccessType() == ClassMetaData.ACCESS_FIELD) - member = cls.getDeclaredField(fieldNames[i]); + member = (Field)AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldAction( + cls,fieldNames[i])); else member = Reflection.findGetter(meta.getDescribedType(), fieldNames[i], true); @@ -200,6 +204,8 @@ } catch (OpenJPAException ke) { throw ke; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new UserException(e); } } @@ -211,9 +217,13 @@ Member[] members; boolean iface = meta.getDescribedType().isInterface(); if (meta.getAccessType() == ClassMetaData.ACCESS_FIELD && !iface) - members = meta.getDescribedType().getDeclaredFields(); + members = (Field[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldsAction( + meta.getDescribedType())); else - members = meta.getDescribedType().getDeclaredMethods(); + members = (Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( + meta.getDescribedType())); int mods; String name; @@ -313,12 +323,16 @@ //### where the superclass uses a different access type if (fmd.getDefiningMetaData().getAccessType() == ClassMetaData.ACCESS_FIELD) - return fmd.getDeclaringType().getDeclaredField(fmd.getName()); + return (Field) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldAction( + fmd.getDeclaringType(), fmd.getName())); return Reflection.findGetter(fmd.getDeclaringType(), fmd.getName(), true); } catch (OpenJPAException ke) { throw ke; } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw new InternalException(e); } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/ee/WASManagedRuntime.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/ee/WASManagedRuntime.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/ee/WASManagedRuntime.java (working copy) @@ -21,6 +21,7 @@ import java.io.IOException; import java.io.InputStream; import java.lang.reflect.Method; +import java.security.AccessController; import javax.naming.Context; import javax.naming.InitialContext; @@ -39,6 +40,7 @@ import org.apache.openjpa.lib.conf.Configurable; import org.apache.openjpa.lib.conf.Configuration; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.InvalidStateException; import org.apache.openjpa.util.NoTransactionException; Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java (working copy) @@ -27,10 +27,12 @@ import java.io.ObjectStreamClass; import java.io.OutputStream; import java.io.Serializable; +import java.security.AccessController; import org.apache.openjpa.conf.OpenJPAConfiguration; import org.apache.openjpa.kernel.StoreContext; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.MultiClassLoader; @@ -129,8 +131,8 @@ } protected void addContextClassLoaders(MultiClassLoader loader) { - loader.addClassLoader(Thread.currentThread(). - getContextClassLoader()); + loader.addClassLoader((ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction())); } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/Exceptions.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/Exceptions.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/Exceptions.java (working copy) @@ -28,6 +28,7 @@ import org.apache.openjpa.conf.OpenJPAVersion; import org.apache.openjpa.enhance.PersistenceCapable; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; /** @@ -41,7 +42,7 @@ public static final Throwable[] EMPTY_THROWABLES = new Throwable[0]; - static final String SEP = System.getProperty("line.separator"); + static final String SEP = J2DoPrivHelper.getLineSeparator(); private static final OutputStream DEV_NULL = new OutputStream() { public void write(int b) { Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/Proxies.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/Proxies.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/Proxies.java (working copy) @@ -18,14 +18,10 @@ */ package org.apache.openjpa.util; -import java.io.ObjectStreamException; -import java.util.AbstractSet; -import java.util.Iterator; -import java.util.ListIterator; -import java.util.Map; -import java.util.Set; +import java.security.AccessController; import org.apache.openjpa.kernel.OpenJPAStateManager; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; /** @@ -52,9 +48,11 @@ public static void assertAllowedType(Object value, Class allowed) { if (value != null && allowed != null && !allowed.isInstance(value)) { throw new UserException(_loc.get("bad-elem-type", new Object[]{ - allowed.getClassLoader(), + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(allowed)), allowed, - value.getClass().getClassLoader(), + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(value.getClass())), value.getClass() })); } Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java (working copy) @@ -25,6 +25,8 @@ import java.lang.reflect.Constructor; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.sql.Timestamp; import java.util.ArrayList; import java.util.Arrays; @@ -48,6 +50,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.openjpa.kernel.OpenJPAStateManager; import org.apache.openjpa.lib.util.Files; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; @@ -84,8 +87,10 @@ _stdCollections.put(List.class, ArrayList.class); if (JavaVersions.VERSION >= 5) { try { - Class queue = Class.forName("java.util.Queue", false, - Collection.class.getClassLoader()); + Class queue = Class.forName("java.util.Queue", false, + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction( + Collection.class))); _stdCollections.put(queue, LinkedList.class); } catch (Throwable t) { // not really java 5 after all? @@ -492,10 +497,18 @@ if (cons != null) return (Proxy) cls.getConstructor(cons.getParameterTypes()). newInstance(args); - return (Proxy) cls.newInstance(); + return (Proxy) AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(cls)); } catch (InstantiationException ie) { throw new UnsupportedException(_loc.get("cant-newinstance", cls.getSuperclass().getName())); + } catch( PrivilegedActionException pae ) { + Exception e = pae.getException(); + if( e instanceof InstantiationException) + throw new UnsupportedException(_loc.get("cant-newinstance", + cls.getSuperclass().getName())); + else + throw new GeneralException(cls.getName()).setCause(e); } catch (Throwable t) { throw new GeneralException(cls.getName()).setCause(t); } @@ -506,8 +519,10 @@ * classes. */ private static ClassLoader getMostDerivedLoader(Class c1, Class c2) { - ClassLoader l1 = c1.getClassLoader(); - ClassLoader l2 = c2.getClassLoader(); + ClassLoader l1 = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(c1)); + ClassLoader l2 = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(c2)); if (l1 == l2) return l1; if (l1 == null) @@ -515,7 +530,10 @@ if (l2 == null) return l1; - for (ClassLoader p = l1.getParent(); p != null; p = p.getParent()) + for (ClassLoader p = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getParentAction( l1 )); p != null; + p = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getParentAction( p ))) if (p == l2) return l1; return l2; @@ -1570,7 +1588,8 @@ public static void main(String[] args) throws ClassNotFoundException, IOException { File dir = Files.getClassFile(ProxyManagerImpl.class); - dir = (dir == null) ? new File(System.getProperty("user.dir")) + dir = (dir == null) ? new File((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction("user.dir"))) : dir.getParentFile(); Options opts = new Options(); Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/ApplicationIds.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/ApplicationIds.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/ApplicationIds.java (working copy) @@ -20,9 +20,10 @@ import java.lang.reflect.Field; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Date; -import org.apache.commons.lang.StringUtils; import org.apache.openjpa.enhance.FieldManager; import org.apache.openjpa.enhance.PCRegistry; import org.apache.openjpa.enhance.PersistenceCapable; @@ -30,6 +31,7 @@ import org.apache.openjpa.kernel.ObjectIdStateManager; import org.apache.openjpa.kernel.OpenJPAStateManager; import org.apache.openjpa.kernel.StoreManager; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.FieldMetaData; @@ -188,8 +190,11 @@ throw new UserException(_loc.get("objectid-abstract", meta)); Object copy = null; try { - copy = oidType.newInstance(); + copy = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(oidType)); } catch (Throwable t) { + if (t instanceof PrivilegedActionException) + t = ((PrivilegedActionException)t).getException(); throw new GeneralException(t); } @@ -319,8 +324,11 @@ Class oidType = oid.getClass(); Object copy = null; try { - copy = oidType.newInstance(); + copy = AccessController.doPrivileged( + J2DoPrivHelper.newInstanceAction(oidType)); } catch (Throwable t) { + if (t instanceof PrivilegedActionException) + t = ((PrivilegedActionException)t).getException(); throw new GeneralException(t); } Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java (working copy) @@ -18,6 +18,9 @@ */ package org.apache.openjpa.util; +import java.security.AccessController; + +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.MultiClassLoader; /** @@ -37,14 +40,16 @@ // class (the bootstrap loader is the parent of the system loader) ClassLoader contextLoader = null; if (contextClass != null) { - contextLoader = contextClass.getClassLoader(); + contextLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(contextClass)); if (contextLoader == null) - contextLoader = ClassLoader.getSystemClassLoader(); + contextLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getSystemClassLoaderAction()); } // if there is only one unique loader, just return it - ClassLoader threadLoader = Thread.currentThread(). - getContextClassLoader(); + ClassLoader threadLoader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); if ((contextLoader == null || contextLoader == threadLoader) && (envLoader == null || envLoader == threadLoader)) return threadLoader; Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/Id.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/Id.java (revision 548475) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/Id.java (working copy) @@ -18,7 +18,10 @@ */ package org.apache.openjpa.util; +import java.security.AccessController; + import org.apache.openjpa.conf.OpenJPAConfiguration; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import serp.util.Numbers; @@ -75,7 +78,8 @@ */ public Id(String str, ClassLoader loader) { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); if (str == null) _id = 0L; Index: openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java =================================================================== --- openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java (revision 548475) +++ openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java (working copy) @@ -19,10 +19,12 @@ package org.apache.openjpa.enhance; import java.lang.instrument.Instrumentation; +import java.security.AccessController; import org.apache.openjpa.conf.OpenJPAConfiguration; import org.apache.openjpa.conf.OpenJPAConfigurationImpl; import org.apache.openjpa.lib.conf.Configurations; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.TemporaryClassLoader; import org.apache.openjpa.util.ClassResolver; @@ -54,8 +56,9 @@ conf.setConnectionDriverName(null); conf.setConnectionFactoryName(null); // set single class resolver - final ClassLoader tmpLoader = new TemporaryClassLoader(Thread. - currentThread().getContextClassLoader()); + final ClassLoader tmpLoader = new TemporaryClassLoader( + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction())); conf.setClassResolver(new ClassResolver() { public ClassLoader getClassLoader(Class context, ClassLoader env) { return tmpLoader; Index: openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy =================================================================== --- openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy (revision 0) +++ openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy (revision 0) @@ -0,0 +1,82 @@ +// Default Java 2 security policy required by OpenJPA. + +// ================================================================ +// The following permissions are needed to invoke the 'test' target in OpenJPA maven build. + +grant CodeBase "file:///${user.home}/.m2/repository/org/apache/derby/derby/-" { + + permission java.io.FilePermission "<>", "read,write,delete"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.util.PropertyPermission "derby.*", "read"; +}; + +grant CodeBase "file:///${test.basedir}/-" { + + permission java.io.FilePermission "<>", "read,write"; + permission java.io.SerializablePermission "enableSubstitution"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "setIO"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.util.PropertyPermission "*", "read,write"; +}; + +grant CodeBase "file:///${user.home}/.m2/repository/-" { + + permission java.io.FilePermission "<>", "read,write"; + permission java.io.SerializablePermission "enableSubstitution"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "setContextClassLoader"; + permission java.lang.RuntimePermission "setIO"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.util.PropertyPermission "*", "read,write"; +}; + + +// ================================================================ +// The following permissions are required by OpenJPA implementation. +grant CodeBase "${application}/openjpa-1.0.0-SNAPSHOT.jar" { + + // class.getClassLoader() + // thread.getContextClassLoader() + // classloader.getParent() + // classloader.getSystemClassLoader() + // new serp.bytecode.Code() + // serp.bytecode.BCClass.isInstanceOf() + // class.newInstance() + // + permission java.lang.RuntimePermission "getClassLoader"; + + // urlConnection.getContext() + // url.openStream() + // classloader.getResource() + // classloader.getResources() + // new FileInputStream() + // file.exists() + // + permission java.io.FilePermission "<>", "read"; + + // file.mkdirs() + // file.renameTo() + // new FileOutputStream() + // + permission java.io.FilePermission "<>", "write"; + + // class.getDeclaredField() + // class.getDeclaredFields() + // class.getDeclaredMethod() + // class.getDeclaredMethods() + // + permission java.lang.RuntimePermission "accessDeclaredMembers"; + + // System.getProperty() + // System.getPrperties() + // File.getAbsolutePath() + // File.getCanonicalPath() + // + permission java.util.PropertyPermission "*", "read"; +}; + Index: openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java =================================================================== --- openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java (revision 548475) +++ openjpa-persistence-jdbc/src/main/java/org/apache/openjpa/persistence/jdbc/JDBCPersistenceProductDerivation.java (working copy) @@ -18,6 +18,7 @@ */ package org.apache.openjpa.persistence.jdbc; +import java.security.AccessController; import java.util.Map; import org.apache.openjpa.conf.OpenJPAConfiguration; @@ -26,6 +27,7 @@ import org.apache.openjpa.jdbc.kernel.JDBCStoreManager; import org.apache.openjpa.lib.conf.AbstractProductDerivation; import org.apache.openjpa.lib.conf.Configuration; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.persistence.FetchPlan; import org.apache.openjpa.persistence.PersistenceProductDerivation; @@ -50,7 +52,8 @@ public void validate() throws Exception { // make sure JPA is available - javax.persistence.EntityManagerFactory.class.getClassLoader(); + AccessController.doPrivileged(J2DoPrivHelper.getClassLoaderAction( + javax.persistence.EntityManagerFactory.class)); } @Override Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataFactory.java (working copy) @@ -21,6 +21,7 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.security.AccessController; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -45,6 +46,7 @@ import org.apache.openjpa.lib.meta.ClassArgParser; import org.apache.openjpa.lib.meta.MetaDataFilter; import org.apache.openjpa.lib.meta.MetaDataParser; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.meta.AbstractCFMetaDataFactory; @@ -429,10 +431,12 @@ private File defaultXMLFile() { ClassLoader loader = repos.getConfiguration(). getClassResolverInstance().getClassLoader(getClass(), null); - URL rsrc = loader.getResource("META-INF/orm.xml"); + URL rsrc = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, "META-INF/orm.xml")); if (rsrc != null) { File file = new File(rsrc.getFile()); - if (file.exists()) + if (((Boolean)AccessController.doPrivileged( + J2DoPrivHelper.existsAction( file ))).booleanValue()) return file; } return new File("orm.xml"); Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java (working copy) @@ -23,6 +23,7 @@ import java.net.URISyntaxException; import java.net.URL; import java.net.URLDecoder; +import java.security.AccessController; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -38,6 +39,7 @@ import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.conf.ProductDerivations; import org.apache.openjpa.lib.meta.SourceTracker; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.MultiClassLoader; import org.apache.openjpa.lib.util.TemporaryClassLoader; @@ -91,8 +93,9 @@ } public ClassLoader getNewTempClassLoader() { - return new TemporaryClassLoader(Thread.currentThread(). - getContextClassLoader()); + return new TemporaryClassLoader( + (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction())); } public String getPersistenceUnitName() { @@ -201,15 +204,17 @@ MultiClassLoader loader = new MultiClassLoader(); loader.addClassLoader(getClass().getClassLoader()); loader.addClassLoader(MultiClassLoader.THREAD_LOADER); - URL url = loader.getResource(name); + URL url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, name)); if (url != null) { addJarFile(url); return; } // jar file is not a resource; check classpath - String[] cp = System.getProperty("java.class.path"). - split(System.getProperty("path.separator")); + String[] cp = ((String)AccessController.doPrivileged( + J2DoPrivHelper.getPropertyAction("java.class.path"))) + .split(J2DoPrivHelper.getPathSeparator()); for (int i = 0; i < cp.length; i++) { if (cp[i].equals(name) || cp[i].endsWith(File.separatorChar + name)) { Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataParser.java (working copy) @@ -28,6 +28,7 @@ import java.lang.reflect.Modifier; import java.net.URISyntaxException; import java.net.URL; +import java.security.AccessController; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -86,6 +87,7 @@ import org.apache.openjpa.kernel.jpql.JPQLParser; import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.DelegatingMetaDataFactory; @@ -659,14 +661,18 @@ cls = cls.getEnclosingClass(); String rsrc = StringUtils.replace(cls.getName(), ".", "/"); - ClassLoader loader = cls.getClassLoader(); + ClassLoader loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getClassLoaderAction(cls)); if (loader == null) - loader = ClassLoader.getSystemClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getSystemClassLoaderAction()); if (loader == null) return null; - URL url = loader.getResource(rsrc + ".java"); + URL url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, rsrc + ".java")); if (url == null) { - url = loader.getResource(rsrc + ".class"); + url = (URL)AccessController.doPrivileged( + J2DoPrivHelper.getResourceAction(loader, rsrc + ".class")); if (url == null) return null; } @@ -750,7 +756,9 @@ else meta.setDetachedState(detached.fieldName()); } else { - Field[] fields = meta.getDescribedType().getDeclaredFields(); + Field[] fields = (Field[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldsAction( + meta.getDescribedType())); for (int i = 0; i < fields.length; i++) if (fields[i].isAnnotationPresent(DetachedState.class)) meta.setDetachedState(fields[i].getName()); @@ -790,7 +798,8 @@ MethodKey key; Set seen = new HashSet(); do { - for (Method m : sup.getDeclaredMethods()) { + for (Method m : (Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( sup ))) { mods = m.getModifiers(); if (Modifier.isStatic(mods) || Modifier.isFinal(mods) || Object.class.equals(m.getDeclaringClass())) Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java (working copy) @@ -21,6 +21,8 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; @@ -42,6 +44,7 @@ import org.apache.openjpa.lib.conf.ProductDerivations; import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.meta.XMLMetaDataParser; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.xml.sax.Attributes; import org.xml.sax.SAXException; @@ -84,7 +87,8 @@ public void validate() throws Exception { // make sure JPA is available - javax.persistence.EntityManagerFactory.class.getClassLoader(); + AccessController.doPrivileged(J2DoPrivHelper.getClassLoaderAction( + javax.persistence.EntityManagerFactory.class)); } @Override @@ -244,14 +248,23 @@ String name, Map m, ClassLoader loader, boolean explicit) throws IOException { if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); - Enumeration urls = loader.getResources(rsrc); - if (!urls.hasMoreElements()) { - if (!rsrc.startsWith("META-INF")) - urls = loader.getResources("META-INF/" + rsrc); - if (!urls.hasMoreElements()) - return null; + Enumeration urls = null; + try { + urls = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction(loader, rsrc)); + if (!urls.hasMoreElements()) { + if (!rsrc.startsWith("META-INF")) + urls = (Enumeration)AccessController.doPrivileged( + J2DoPrivHelper.getResourcesAction( + loader, "META-INF/" + rsrc)); + if (!urls.hasMoreElements()) + return null; + } + } catch( PrivilegedActionException pae ) { + throw (IOException)pae.getException(); } ConfigurationParser parser = new ConfigurationParser(m); @@ -333,7 +346,8 @@ return true; if (loader == null) - loader = Thread.currentThread().getContextClassLoader(); + loader = (ClassLoader)AccessController.doPrivileged( + J2DoPrivHelper.getContextClassLoaderAction()); try { if (PersistenceProviderImpl.class.isAssignableFrom (Class.forName(provider, false, loader))) Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/XMLPersistenceMetaDataParser.java (working copy) @@ -21,6 +21,8 @@ import java.lang.reflect.Field; import java.lang.reflect.Member; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Collection; import java.util.EnumSet; @@ -45,6 +47,7 @@ import org.apache.openjpa.lib.conf.Configurations; import org.apache.openjpa.lib.log.Log; import org.apache.openjpa.lib.meta.CFMetaDataParser; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.DelegatingMetaDataFactory; @@ -1096,22 +1099,29 @@ String cap = StringUtils.capitalize(name); type = meta.getDescribedType(); try { - member = type.getDeclaredMethod("get" + cap, - (Class[]) null); // varargs disambiguate + member = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + type, "get" + cap, + (Class[]) null));// varargs disambiguate } catch (Exception excep) { try { - member = type.getDeclaredMethod("is" + cap, - (Class[]) null); + member = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + type, "is" + cap, (Class[]) null)); } catch (Exception excep2) { throw excep; } } type = ((Method) member).getReturnType(); } else { - member = meta.getDescribedType().getDeclaredField(name); + member = (Field) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldAction( + meta.getDescribedType(), name)); type = ((Field) member).getType(); } } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException)e).getException(); throw getException(_loc.get("invalid-attr", name, meta), e); } Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java (revision 548475) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceMetaDataDefaults.java (working copy) @@ -25,6 +25,7 @@ import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; import java.util.HashMap; import java.util.HashSet; import java.util.Map; @@ -47,6 +48,7 @@ import javax.persistence.Transient; import org.apache.commons.lang.StringUtils; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.meta.AbstractMetaDataDefaults; import org.apache.openjpa.meta.ClassMetaData; @@ -250,9 +252,11 @@ return ClassMetaData.ACCESS_UNKNOWN; int access = 0; - if (usesAccess(cls.getDeclaredFields())) + if (usesAccess((Field[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredFieldsAction( cls )))) access |= ClassMetaData.ACCESS_FIELD; - if (usesAccess(cls.getDeclaredMethods())) + if (usesAccess((Method[])AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodsAction( cls )))) access |= ClassMetaData.ACCESS_PROPERTY; return (access == 0) ? getAccessType(cls.getSuperclass()) : access; } @@ -285,9 +289,11 @@ if (member instanceof Method) { try { // check for setters for methods - Method setter = meta.getDescribedType().getDeclaredMethod("set" - + StringUtils.capitalize(name), new Class[] { - ((Method) member).getReturnType() }); + Method setter = (Method) AccessController.doPrivileged( + J2DoPrivHelper.getDeclaredMethodAction( + meta.getDescribedType(), "set" + + StringUtils.capitalize(name), new Class[] { + ((Method) member).getReturnType() })); if (setter == null) return false; } catch (Exception e) {