Index: openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java =================================================================== --- openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java (revision 562121) +++ openjpa-jdbc/src/main/java/org/apache/openjpa/jdbc/meta/ReverseMappingTool.java (working copy) @@ -179,7 +179,8 @@ private final Log _log; private final Map _tables = new HashMap(); private final Project _project = new Project(); - private final BCClassLoader _loader = new BCClassLoader(_project); + private final BCClassLoader _loader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction(_project)); private StrategyInstaller _strat = null; private String _package = null; private File _dir = null; Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/ApplicationIdTool.java (working copy) @@ -1366,7 +1366,8 @@ ApplicationIdTool tool; Class cls; ClassMetaData meta; - BCClassLoader bc = new BCClassLoader(new Project()); + BCClassLoader bc = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction(new Project())); for (Iterator itr = classes.iterator(); itr.hasNext();) { cls = (Class) itr.next(); log.info(_loc.get("appid-running", cls)); Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/DynamicStorageGenerator.java (working copy) @@ -96,9 +96,10 @@ // the project/classloader for the classes. private final Project _project = new Project(); - private final BCClassLoader _loader = new BCClassLoader(_project, - (ClassLoader) AccessController.doPrivileged( - J2DoPrivHelper.getClassLoaderAction(DynamicStorage.class))); + private final BCClassLoader _loader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction(_project, + (ClassLoader) AccessController.doPrivileged(J2DoPrivHelper + .getClassLoaderAction(DynamicStorage.class)))); /** * Generate a generic {@link DynamicStorage} instance with the given Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/PCEnhancer.java (working copy) @@ -14,7 +14,7 @@ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations - * under the License. + * under the License. */ package org.apache.openjpa.enhance; @@ -57,7 +57,6 @@ import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.Options; import org.apache.openjpa.lib.util.Services; -import org.apache.openjpa.lib.util.TemporaryClassLoader; import org.apache.openjpa.lib.util.Localizer.Message; import org.apache.openjpa.meta.ClassMetaData; import org.apache.openjpa.meta.FieldMetaData; @@ -135,7 +134,7 @@ (PCEnhancer.class); private static final String REDEFINED_ATTRIBUTE = PCEnhancer.class.getName() + "#redefined-type"; - + private static final AuxiliaryEnhancer[] _auxEnhancers; static { Class[] classes = Services.getImplementorClasses( @@ -147,11 +146,11 @@ try { auxEnhancers.add(AccessController.doPrivileged( J2DoPrivHelper.newInstanceAction(classes[i]))); - } catch (Throwable t) { + } catch (Throwable t) { // aux enhancer may rely on non-existant spec classes, etc - } - } - _auxEnhancers = (AuxiliaryEnhancer[]) auxEnhancers.toArray + } + } + _auxEnhancers = (AuxiliaryEnhancer[]) auxEnhancers.toArray (new AuxiliaryEnhancer[auxEnhancers.size()]); } @@ -179,7 +178,9 @@ * Constructor. Supply configuration and type to enhance. */ public PCEnhancer(OpenJPAConfiguration conf, Class type) { - this(conf, new Project().loadClass(type), (MetaDataRepository) null); + this(conf, (BCClass) AccessController.doPrivileged(J2DoPrivHelper + .loadProjectClassAction(new Project(), type)), + (MetaDataRepository) null); } /** @@ -186,7 +187,8 @@ * Constructor. Supply configuration and type to enhance. */ public PCEnhancer(OpenJPAConfiguration conf, ClassMetaData type) { - this(conf, new Project().loadClass(type.getDescribedType()), + this(conf, (BCClass) AccessController.doPrivileged(J2DoPrivHelper + .loadProjectClassAction(new Project(), type.getDescribedType())), type.getRepository()); } @@ -202,7 +204,7 @@ * implementation-specific subclass whose metadata * required more than just base metadata files * @deprecated use {@link #PCEnhancer(OpenJPAConfiguration, BCClass, - MetaDataRepository, ClassLoader)} instead. + MetaDataRepository, ClassLoader)} instead. */ public PCEnhancer(OpenJPAConfiguration conf, BCClass type, MetaDataRepository repos) { @@ -596,7 +598,7 @@ if (assigned != returned) addViolation("property-setter-getter-mismatch", new Object[] - { fmds[i], assigned.getName(), (returned == null) + { fmds[i], assigned.getName(), (returned == null) ? null : returned.getName() }, false); } } @@ -726,14 +728,19 @@ // if the middle instruction was a getfield, then it's the // field that's being accessed - if (!findAccessed && prevIns instanceof GetFieldInstruction) - cur = ((FieldInstruction) prevIns).getField(); + if (!findAccessed && prevIns instanceof GetFieldInstruction) { + final FieldInstruction fPrevIns = (FieldInstruction) prevIns; + cur = (BCField) AccessController.doPrivileged( + J2DoPrivHelper.getFieldInstructionFieldAction(fPrevIns)); // if the middle instruction was an xload_1, then the // matched instruction is the field that's being set. - else if (findAccessed && prevIns instanceof LoadInstruction - && ((LoadInstruction) prevIns).getParam() == 0) - cur = ((FieldInstruction) templateIns).getField(); - else + } else if (findAccessed && prevIns instanceof LoadInstruction + && ((LoadInstruction) prevIns).getParam() == 0) { + final FieldInstruction fTemplateIns = + (FieldInstruction) templateIns; + cur = (BCField) AccessController.doPrivileged(J2DoPrivHelper + .getFieldInstructionFieldAction(fTemplateIns)); + } else return null; if (field != null && cur != field) @@ -888,7 +895,10 @@ // first load the old value for use in the // StateManager.settingXXX method. loadManagedInstance(code, false); - code.getfield().setField(fi.getField()); + final FieldInstruction fFi = fi; + code.getfield().setField( + (BCField) AccessController.doPrivileged(J2DoPrivHelper + .getFieldInstructionFieldAction(fFi))); int val = code.getNextLocalsIndex(); code.xstore().setLocal(val).setType(fi.getFieldType()); @@ -915,7 +925,7 @@ /** * This must be called after setting the value in the object. - * + * * @param code * @param val the position in the local variable table where the * old value is stored @@ -1376,7 +1386,7 @@ args = new String[]{ int.class.getName() }; code.iload().setParam(fieldNumber); code.invokespecial().setMethod(getType(_meta. - getPCSuperclassMetaData()).getName(), name, + getPCSuperclassMetaData()).getName(), name, void.class.getName(), args); code.vreturn(); } else @@ -1442,7 +1452,7 @@ } // if (other.pcStateManager != pcStateManager) - // throw new IllegalArgumentException + // throw new IllegalArgumentException loadManagedInstance(code, false); code.getfield().setField(SM, SMTYPE); @@ -1501,7 +1511,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "get" + CONTEXTNAME, (Class[]) null)), false); - + // pcFetchObjectId translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1507,7 +1517,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "fetchObjectId", (Class[]) null)), false); - + // pcIsDeleted translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1513,7 +1523,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "isDeleted", (Class[]) null)), false); - + // pcIsDirty translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1519,7 +1529,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "isDirty", (Class[]) null)), true); - + // pcIsNew translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1525,7 +1535,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "isNew", (Class[]) null)), false); - + // pcIsPersistent translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1531,7 +1541,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "isPersistent", (Class[]) null)), false); - + // pcIsTransactional translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1537,7 +1547,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "isTransactional", (Class[]) null)), false); - + // pcSerializing translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1543,7 +1553,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "serializing", (Class[]) null)), false); - + // pcDirty translateFromStateManagerMethod( (Method) AccessController.doPrivileged( @@ -1549,7 +1559,7 @@ (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction( SMTYPE, "dirty", new Class[]{ String.class })), false); - + // pcGetStateManager BCMethod meth = _pc.declareMethod(PRE + "GetStateManager", StateManager.class, null); @@ -1598,7 +1608,7 @@ ifins.setTarget(loadManagedInstance(code, false)); code.getfield().setField(SM, SMTYPE); code.dup(); // for the return statement below - code.invokestatic().setMethod(RedefinitionHelper.class, + code.invokestatic().setMethod(RedefinitionHelper.class, "dirtyCheck", void.class, new Class[] { SMTYPE }); } else { ifins.setTarget(loadManagedInstance(code, false)); @@ -1604,7 +1614,7 @@ ifins.setTarget(loadManagedInstance(code, false)); code.getfield().setField(SM, SMTYPE); } - + // return pcStateManager. (); // managed instance loaded above in if-else block for (int i = 0; i < params.length; i++) @@ -1698,7 +1708,7 @@ Code code = method.getCode(true); // if (pcStateManager != null) - // pcStateManager = pcStateManager.replaceStateManager(sm); + // pcStateManager = pcStateManager.replaceStateManager(sm); loadManagedInstance(code, false); code.getfield().setField(SM, SMTYPE); JumpInstruction ifins = code.ifnull(); @@ -1713,7 +1723,7 @@ // SecurityManager sec = System.getSecurityManager (); // if (sec != null) - // sec.checkPermission (Permission.SET_STATE_MANAGER); + // sec.checkPermission (Permission.SET_STATE_MANAGER); ifins.setTarget(code.invokestatic().setMethod(System.class, "getSecurityManager", SecurityManager.class, null)); @@ -1733,7 +1743,7 @@ */ private void addNoOpApplicationIdentityMethods() { // public void pcCopyKeyFieldsToObjectId (ObjectIdFieldSupplier fs, - // Object oid) + // Object oid) BCMethod method = _pc.declareMethod(PRE + "CopyKeyFieldsToObjectId", void.class, new Class[]{ OIDFSTYPE, Object.class }); Code code = method.getCode(true); @@ -1748,7 +1758,7 @@ code.calculateMaxLocals(); // public void pcCopyKeyFieldsFromObjectId (ObjectIdFieldConsumer fc, - // Object oid) + // Object oid) method = _pc.declareMethod(PRE + "CopyKeyFieldsFromObjectId", void.class, new Class[]{ OIDFCTYPE, Object.class }); code = method.getCode(true); @@ -1788,7 +1798,7 @@ private void addCopyKeyFieldsToObjectIdMethod(boolean fieldManager) throws NoSuchMethodException { // public void pcCopyKeyFieldsToObjectId (ObjectIdFieldSupplier fs, - // Object oid) + // Object oid) String[] args = (fieldManager) ? new String[]{ OIDFSTYPE.getName(), Object.class.getName() } : new String[]{ Object.class.getName() }; @@ -1867,7 +1877,7 @@ code.classconstant().setClass(oidType); code.constant().setValue(name); code.constant().setValue(true); - code.invokestatic().setMethod(Reflection.class, + code.invokestatic().setMethod(Reflection.class, "findField", Field.class, new Class[] { Class.class, String.class, boolean.class }); } @@ -1880,7 +1890,7 @@ code.constant().setValue(name); code.classconstant().setClass(type); code.constant().setValue(true); - code.invokestatic().setMethod(Reflection.class, + code.invokestatic().setMethod(Reflection.class, "findSetter", Method.class, new Class[] { Class.class, String.class, Class.class, boolean.class }); } @@ -1910,11 +1920,11 @@ } if (reflect && field != null) { - code.invokestatic().setMethod(Reflection.class, "set", + code.invokestatic().setMethod(Reflection.class, "set", void.class, new Class[] { Object.class, Field.class, (type.isPrimitive()) ? type : Object.class }); - } else if (reflect) { - code.invokestatic().setMethod(Reflection.class, "set", + } else if (reflect) { + code.invokestatic().setMethod(Reflection.class, "set", void.class, new Class[] { Object.class, Method.class, (type.isPrimitive()) ? type : Object.class }); } else if (field != null) @@ -1933,7 +1943,7 @@ * setting into an objectid instance. */ private void addExtractObjectIdFieldValueCode(Code code, FieldMetaData pk) { - // if (val != null) + // if (val != null) // val = ((PersistenceCapable) val).pcFetchObjectId(); int pc = code.getNextLocalsIndex(); code.astore().setLocal(pc); @@ -1940,7 +1950,7 @@ code.aload().setLocal(pc); JumpInstruction ifnull1 = code.ifnull(); code.aload().setLocal(pc); - code.checkcast().setType(PersistenceCapable.class); + code.checkcast().setType(PersistenceCapable.class); code.invokeinterface().setMethod(PersistenceCapable.class, PRE + "FetchObjectId", Object.class, null); int oid = code.getNextLocalsIndex(); @@ -1946,7 +1956,7 @@ int oid = code.getNextLocalsIndex(); code.astore().setLocal(oid); code.aload().setLocal(oid); - JumpInstruction ifnull2 = code.ifnull(); + JumpInstruction ifnull2 = code.ifnull(); // for datastore / single-field identity: // if (val != null) @@ -1954,11 +1964,11 @@ ClassMetaData pkmeta = pk.getDeclaredTypeMetaData(); int pkcode = pk.getObjectIdFieldTypeCode(); Class pktype = pk.getObjectIdFieldType(); - if (pkmeta.getIdentityType() == ClassMetaData.ID_DATASTORE + if (pkmeta.getIdentityType() == ClassMetaData.ID_DATASTORE && pkcode == JavaTypes.LONG) { code.aload().setLocal(oid); code.checkcast().setType(Id.class); - code.invokevirtual().setMethod(Id.class, "getId", + code.invokevirtual().setMethod(Id.class, "getId", long.class, null); } else if (pkmeta.getIdentityType() == ClassMetaData.ID_DATASTORE) { code.aload().setLocal(oid); @@ -1987,7 +1997,7 @@ code.invokevirtual().setMethod(CharId.class, "getId", char.class, null); if (pkcode == JavaTypes.CHAR_OBJ) - code.invokespecial().setMethod(Character.class, + code.invokespecial().setMethod(Character.class, "", void.class, new Class[] {char.class}); break; case JavaTypes.DOUBLE_OBJ: @@ -2000,7 +2010,7 @@ code.invokevirtual().setMethod(DoubleId.class, "getId", double.class, null); if (pkcode == JavaTypes.DOUBLE_OBJ) - code.invokespecial().setMethod(Double.class, "", + code.invokespecial().setMethod(Double.class, "", void.class, new Class[]{double.class}); break; case JavaTypes.FLOAT_OBJ: @@ -2013,7 +2023,7 @@ code.invokevirtual().setMethod(FloatId.class, "getId", float.class, null); if (pkcode == JavaTypes.FLOAT_OBJ) - code.invokespecial().setMethod(Float.class, "", + code.invokespecial().setMethod(Float.class, "", void.class, new Class[]{float.class}); break; case JavaTypes.INT_OBJ: @@ -2052,7 +2062,7 @@ code.invokevirtual().setMethod(ShortId.class, "getId", short.class, null); if (pkcode == JavaTypes.SHORT_OBJ) - code.invokespecial().setMethod(Short.class, "", + code.invokespecial().setMethod(Short.class, "", void.class, new Class[]{short.class}); break; case JavaTypes.DATE: @@ -2123,8 +2133,8 @@ private void addCopyKeyFieldsFromObjectIdMethod(boolean fieldManager) throws NoSuchMethodException { // public void pcCopyKeyFieldsFromObjectId (ObjectIdFieldConsumer fc, - // Object oid) - String[] args = (fieldManager) + // Object oid) + String[] args = (fieldManager) ? new String[]{ OIDFCTYPE.getName(), Object.class.getName() } : new String[]{ Object.class.getName() }; BCMethod method = _pc.declareMethod(PRE + "CopyKeyFieldsFromObjectId", @@ -2175,9 +2185,9 @@ name = fmds[i].getName(); type = fmds[i].getObjectIdFieldType(); - if (!fieldManager + if (!fieldManager && fmds[i].getDeclaredTypeCode() == JavaTypes.PC) { - // sm.getPCPrimaryKey(oid, i + pcInheritedFieldCount); + // sm.getPCPrimaryKey(oid, i + pcInheritedFieldCount); loadManagedInstance(code, false); code.dup(); // leave orig on stack to set value into code.getfield().setField(SM, SMTYPE); @@ -2185,12 +2195,12 @@ code.constant().setValue(i); code.getstatic().setField(INHERIT, int.class); code.iadd(); - code.invokeinterface().setMethod(StateManager.class, - "getPCPrimaryKey", Object.class, + code.invokeinterface().setMethod(StateManager.class, + "getPCPrimaryKey", Object.class, new Class[] { Object.class, int.class }); code.checkcast().setType(fmds[i].getDeclaredType()); - } else { - unwrapped = (fmds[i].getDeclaredTypeCode() == JavaTypes.PC) + } else { + unwrapped = (fmds[i].getDeclaredTypeCode() == JavaTypes.PC) ? type : unwrapSingleFieldIdentity(fmds[i]); if (fieldManager) { code.aload().setParam(0); @@ -2217,7 +2227,7 @@ if (!fieldManager && type != Date.class) code.checkcast().setType(fmds[i].getDeclaredType()); } else { - code.invokevirtual().setMethod(oidType, "getId", + code.invokevirtual().setMethod(oidType, "getId", unwrapped, null); if (unwrapped != type) code.invokespecial().setMethod(type, "", @@ -2233,7 +2243,7 @@ code.constant().setValue(name); code.constant().setValue(true); code.invokestatic().setMethod(Reflection.class, - "findField", Field.class, new Class[] { + "findField", Field.class, new Class[] { Class.class, String.class, boolean.class }); code.invokestatic().setMethod (getReflectionGetterMethod(type, Field.class)); @@ -2336,8 +2346,8 @@ String name = "get"; if (type.isPrimitive()) name += StringUtils.capitalize(type.getName()); - return Reflection.class.getMethod(name, new Class[] { Object.class, - argType }); + return Reflection.class.getMethod(name, new Class[] { Object.class, + argType }); } /** @@ -2500,7 +2510,7 @@ // use reflection to return the right method String name = prefix + typeName + "Field"; Class[] params = (Class[]) plist.toArray(new Class[plist.size()]); - + try { return (Method) AccessController.doPrivileged( J2DoPrivHelper.getDeclaredMethodAction(owner, name, params)); @@ -2649,7 +2659,7 @@ code.putstatic().setField(PRE + "FieldFlags", byte[].class); // PCRegistry.register (cls, - // pcFieldNames, pcFieldTypes, pcFieldFlags, + // pcFieldNames, pcFieldTypes, pcFieldFlags, // pcPCSuperclass, alias, new XXX ()); code.classconstant().setClass(_managedType); code.getstatic().setField(PRE + "FieldNames", String[].class); @@ -2656,7 +2666,7 @@ code.getstatic().setField(PRE + "FieldTypes", Class[].class); code.getstatic().setField(PRE + "FieldFlags", byte[].class); code.getstatic().setField(SUPER, Class.class); - + if (_meta.isMapped()) code.constant().setValue(_meta.getTypeAlias()); else @@ -2936,7 +2946,7 @@ } // if (sm != null) - // return (sm.isDetached ()) ? Boolean.TRUE : Boolean.FALSE; + // return (sm.isDetached ()) ? Boolean.TRUE : Boolean.FALSE; loadManagedInstance(code, false); code.getfield().setField(SM, SMTYPE); JumpInstruction ifins = code.ifnull(); @@ -2998,7 +3008,7 @@ FieldMetaData version = _meta.getVersionField(); if (state != Boolean.TRUE && version != null) { // if ( != ) - // return true; + // return true; loadManagedInstance(code, false); addGetManagedValueCode(code, version); ifins = ifDefaultValue(code, version); @@ -3046,7 +3056,7 @@ && _meta.getIdentityType() == ClassMetaData.ID_APPLICATION) { // for each pk field: // if ( != [&& !"".equals ()]) - // return Boolean.TRUE; + // return Boolean.TRUE; FieldMetaData[] pks = _meta.getPrimaryKeyFields(); for (int i = 0; i < pks.length; i++) { if (pks[i].getValueStrategy() == ValueStrategies.NONE) @@ -3150,9 +3160,9 @@ /** * Adds bytecode modifying the cloning behavior of the class being - * enhanced to correctly replace the pcStateManager - * instance fields of any clone created with their default values. - * Also, if this class is the base PC type and does not declared + * enhanced to correctly replace the pcStateManager + * instance fields of any clone created with their default values. + * Also, if this class is the base PC type and does not declared * a clone method, one will be added. Also, if _pc is a synthetic * subclass, create the clone() method that clears the state manager * that may have been initialized in a super's clone() method. @@ -3162,7 +3172,7 @@ return; // add the clone method if necessary - BCMethod clone = _pc.getDeclaredMethod("clone", + BCMethod clone = _pc.getDeclaredMethod("clone", (String[]) null); String superName = _managedType.getSuperclassName(); Code code = null; @@ -3227,9 +3237,9 @@ * Gets the auxiliary enhancers registered as {@link Services services}. */ public AuxiliaryEnhancer[] getAuxiliaryEnhancers() { - return _auxEnhancers; + return _auxEnhancers; } - + /** * Allow any registered auxiliary code generators to run. */ @@ -3234,13 +3244,13 @@ * Allow any registered auxiliary code generators to run. */ private void runAuxiliaryEnhancers() { - for (int i = 0; i < _auxEnhancers.length; i++) - _auxEnhancers[i].run(_pc, _meta); + for (int i = 0; i < _auxEnhancers.length; i++) + _auxEnhancers[i].run(_pc, _meta); } - + /** * Affirms if the given method be skipped. - * + * * @param method method to be skipped or not * @return true if any of the auxiliary enhancers skips the given method, * or if the method is a constructor @@ -3248,11 +3258,11 @@ private boolean skipEnhance(BCMethod method) { if ("".equals(method.getName())) return true; - + for (int i = 0; i < _auxEnhancers.length; i++) - if (_auxEnhancers[i].skipEnhance(method)) - return true; - + if (_auxEnhancers[i].skipEnhance(method)) + return true; + return false; } @@ -3440,7 +3450,7 @@ code.vreturn(); // inst.pcStateManager.settingField (inst, - // pcInheritedFieldCount + , inst., value, 0); + // pcInheritedFieldCount + , inst., value, 0); ifins.setTarget(loadManagedInstance(code, true)); code.getfield().setField(SM, SMTYPE); loadManagedInstance(code, true); @@ -3568,7 +3578,9 @@ String fieldName = toBackingFieldName(attrName); // next, find the field in the managed type. - BCField[] fields = _managedType.getFields(fieldName); + BCField[] fields = (BCField[]) AccessController + .doPrivileged(J2DoPrivHelper.getBCClassFieldsAction(_managedType, + fieldName)); BCField field = null; for (int i = 0; i < fields.length; i++) { field = fields[i]; @@ -3636,7 +3648,7 @@ void.class, new Class[] { Object.class, - fieldType.isPrimitive() ? fieldType : Object.class, + fieldType.isPrimitive() ? fieldType : Object.class, Field.class }); } else { code.putfield() @@ -3672,7 +3684,7 @@ private void addDetachExternalize(boolean parentDetachable, boolean detachedState) throws NoSuchMethodException { - // ensure that the declared default constructor is public + // ensure that the declared default constructor is public // for externalization BCMethod meth = _pc.getDeclaredMethod("", (String[]) null); if (!meth.isPublic()) { @@ -3677,7 +3689,7 @@ BCMethod meth = _pc.getDeclaredMethod("", (String[]) null); if (!meth.isPublic()) { if (_log.isWarnEnabled()) - _log.warn(_loc.get("enhance-defcons-extern", + _log.warn(_loc.get("enhance-defcons-extern", _meta.getDescribedType())); meth.makePublic(); } @@ -3793,7 +3805,7 @@ loadManagedInstance(code, false); code.aload().setParam(0); code.invokespecial().setMethod(getType(_meta. - getPCSuperclassMetaData()), PRE + "ReadUnmanaged", void.class, + getPCSuperclassMetaData()), PRE + "ReadUnmanaged", void.class, inargs); } @@ -3950,7 +3962,7 @@ loadManagedInstance(code, false); code.aload().setParam(0); code.invokespecial().setMethod(getType(_meta. - getPCSuperclassMetaData()), PRE + "WriteUnmanaged", void.class, + getPCSuperclassMetaData()), PRE + "WriteUnmanaged", void.class, outargs); } @@ -4122,7 +4134,7 @@ BCMethod newgetter = _pc.declareMethod(PRE + meth.getName(), meth.getReturnType(), meth.getParameterTypes()); newgetter.setAccessFlags(getter.getAccessFlags()); - newgetter.makeProtected(); + newgetter.makeProtected(); transferCodeAttributes(getter, newgetter); return getter; } @@ -4160,7 +4172,7 @@ private void addGetEnhancementContractVersionMethod() { // public int getEnhancementContractVersion() - BCMethod method = _pc.declareMethod(PRE + + BCMethod method = _pc.declareMethod(PRE + "GetEnhancementContractVersion", int.class, null); method.makePublic(); Code code = method.getCode(true); @@ -4230,7 +4242,7 @@ * If the type being enhanced has metadata, it will be enhanced as a * persistence capable class. If not, it will be considered a persistence * aware class, and all access to fields of persistence capable classes - * will be replaced by the appropriate get/set method. If the type + * will be replaced by the appropriate get/set method. If the type * explicitly declares the persistence-capable interface, it will * not be enhanced. Thus, it is safe to invoke the enhancer on classes * that are already enhanced. @@ -4283,7 +4295,8 @@ loader = conf.getClassResolverInstance(). getClassLoader(PCEnhancer.class, null); if (flags.tmpClassLoader) - loader = new TemporaryClassLoader(loader); + loader = (ClassLoader) AccessController.doPrivileged(J2DoPrivHelper + .newTemporaryClassLoaderAction(loader)); if (repos == null) { repos = conf.newMetaDataRepositoryInstance(); @@ -4296,8 +4309,8 @@ log.info(_loc.get("running-all-classes")); classes = repos.getPersistentTypeNames(true, loader); if (classes == null) { - log.warn(_loc.get("no-class-to-enhance")); - return false; + log.warn(_loc.get("no-class-to-enhance")); + return false; } } else { ClassArgParser cap = conf.getMetaDataRepositoryInstance(). @@ -4307,7 +4320,7 @@ for (int i = 0; i < args.length; i++) classes.addAll(Arrays.asList(cap.parseTypes(args[i]))); } - + Project project = new Project(); BCClass bc; PCEnhancer enhancer; @@ -4352,15 +4365,15 @@ public File directory = null; public boolean addDefaultConstructor = true; public boolean tmpClassLoader = true; - public boolean enforcePropertyRestrictions = false; - } + public boolean enforcePropertyRestrictions = false; + } - /** - * Plugin interface for additional enhancement. - */ - public static interface AuxiliaryEnhancer - { - public void run (BCClass bc, ClassMetaData meta); - public boolean skipEnhance(BCMethod m); - } + /** + * Plugin interface for additional enhancement. + */ + public static interface AuxiliaryEnhancer + { + public void run (BCClass bc, ClassMetaData meta); + public boolean skipEnhance(BCMethod m); + } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/enhance/Reflection.java (working copy) @@ -192,7 +192,8 @@ private static void makeAccessible(AccessibleObject ao, int mods) { try { if (!Modifier.isPublic(mods) && !ao.isAccessible()) - ao.setAccessible(true); + AccessController.doPrivileged(J2DoPrivHelper + .setAccessibleAction(ao, true)); } catch (SecurityException se) { throw new UserException(_loc.get("reflect-security", ao)). setFatal(true); Index: openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/event/BeanLifecycleCallbacks.java (working copy) @@ -77,7 +77,8 @@ throws Exception { Method callback = getCallbackMethod(); if (!callback.isAccessible()) - callback.setAccessible(true); + AccessController.doPrivileged(J2DoPrivHelper.setAccessibleAction( + callback, true)); if (requiresArgument()) callback.invoke(_listener, new Object[]{ obj, rel }); else Index: openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/event/MethodLifecycleCallbacks.java (working copy) @@ -84,7 +84,8 @@ public void makeCallback(Object obj, Object arg, int eventType) throws Exception { if (!_callback.isAccessible()) - _callback.setAccessible(true); + AccessController.doPrivileged(J2DoPrivHelper.setAccessibleAction( + _callback, true)); if (_arg) _callback.invoke(obj, new Object[]{ arg }); Index: openjpa-kernel/src/main/java/org/apache/openjpa/event/TCPRemoteCommitProvider.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/event/TCPRemoteCommitProvider.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/event/TCPRemoteCommitProvider.java (working copy) @@ -31,6 +31,8 @@ import java.net.Socket; import java.net.SocketException; import java.net.UnknownHostException; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -46,6 +48,7 @@ import org.apache.commons.pool.impl.GenericObjectPool; import org.apache.openjpa.lib.conf.Configurable; import org.apache.openjpa.lib.log.Log; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.util.GeneralException; import org.apache.openjpa.util.InternalException; @@ -235,7 +238,8 @@ hostname = host; tmpPort = DEFAULT_PORT; } - InetAddress tmpAddress = InetAddress.getByName(hostname); + InetAddress tmpAddress = (InetAddress) AccessController + .doPrivileged(J2DoPrivHelper.getByNameAction(hostname)); // bleair: For each address we would rather make use of // the jdk1.4 isLinkLocalAddress () || isLoopbackAddress (). @@ -260,8 +264,9 @@ } } } - } - finally { + } catch (PrivilegedActionException pae) { + throw (UnknownHostException) pae.getException(); + } finally { _addressesLock.unlock(); } } @@ -499,7 +504,12 @@ throws IOException { _port = port; _log = log; - _receiveSocket = new ServerSocket(_port); + try { + _receiveSocket = (ServerSocket) AccessController + .doPrivileged(J2DoPrivHelper.newServerSocketAction(_port)); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } _localhost = InetAddress.getLocalHost().getAddress(); if (_log.isTraceEnabled()) @@ -566,7 +576,8 @@ try { s = null; // Block, waiting to accept new connection from a peer - s = _receiveSocket.accept(); + s = (Socket) AccessController.doPrivileged(J2DoPrivHelper + .acceptAction(_receiveSocket)); if (_log.isTraceEnabled()) { _log.trace(s_loc.get("tcp-received-connection", s.getInetAddress().getHostAddress() @@ -578,6 +589,8 @@ receiverThread.start(); _receiverThreads.add(receiverThread); } catch (Exception e) { + if (e instanceof PrivilegedActionException) + e = ((PrivilegedActionException) e).getException(); if (!(e instanceof SocketException) || _isRunning) if (_log.isWarnEnabled()) _log.warn(s_loc.get("tcp-accept-error"), e); @@ -755,12 +768,19 @@ private HostAddress(String host) throws UnknownHostException { int colon = host.indexOf(':'); - if (colon != -1) { - _address = InetAddress.getByName(host.substring(0, colon)); - _port = Integer.parseInt(host.substring(colon + 1)); - } else { - _address = InetAddress.getByName(host); - _port = DEFAULT_PORT; + try { + if (colon != -1) { + _address = (InetAddress) AccessController + .doPrivileged(J2DoPrivHelper.getByNameAction(host + .substring(0, colon))); + _port = Integer.parseInt(host.substring(colon + 1)); + } else { + _address = (InetAddress) AccessController + .doPrivileged(J2DoPrivHelper.getByNameAction(host)); + _port = DEFAULT_PORT; + } + } catch (PrivilegedActionException pae) { + throw (UnknownHostException) pae.getException(); } // -1 max wait == as long as it takes _socketPool = new GenericObjectPool @@ -884,12 +904,18 @@ public Object makeObject() throws IOException { - Socket s = new Socket(_address, _port); - if (log.isTraceEnabled()) { - log.trace(s_loc.get("tcp-open-connection", - _address + ":" + _port, "" + s.getLocalPort())); + try { + Socket s = (Socket) AccessController + .doPrivileged(J2DoPrivHelper.newSocketAction(_address, + _port)); + if (log.isTraceEnabled()) { + log.trace(s_loc.get("tcp-open-connection", _address + + ":" + _port, "" + s.getLocalPort())); + } + return s; + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); } - return s; } public void destroyObject(Object obj) { Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java (working copy) @@ -363,7 +363,8 @@ for (int i = 0; i < metas.length; i++) { if (getSourceFile(metas[i]) == null) setSourceFile(metas[i], defaultSourceFile(metas[i])); - if (getSourceFile(metas[i]).exists()) { + if (((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .existsAction(getSourceFile(metas[i])))).booleanValue()) { if (files == null) files = new HashSet(); files.add(getSourceFile(metas[i])); @@ -490,7 +491,8 @@ for (Iterator itr = files.iterator(); itr.hasNext();) { file = (File) itr.next(); if (Files.backup(file, false) != null) - file.delete(); + AccessController + .doPrivileged(J2DoPrivHelper.deleteAction(file)); } } @@ -628,7 +630,8 @@ File file; for (Iterator itr = files.iterator(); itr.hasNext();) { file = (File) itr.next(); - if (file.isDirectory()) { + if (((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isDirectoryAction(file))).booleanValue()) { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-directory", file)); scan(new FileMetaDataIterator(file, newMetaDataFilter()), @@ -636,8 +639,15 @@ } else if (file.getName().endsWith(".jar")) { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-jar", file)); - scan(new ZipFileMetaDataIterator(new ZipFile(file), - newMetaDataFilter()), cparser, names, true, file); + try { + ZipFile zFile = (ZipFile) AccessController + .doPrivileged(J2DoPrivHelper + .newZipFileAction(file)); + scan(new ZipFileMetaDataIterator(zFile, + newMetaDataFilter()), cparser, names, true, file); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } } else { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-file", file)); @@ -646,8 +656,9 @@ if (log.isTraceEnabled()) log.trace(_loc.get("scan-found-names", clss, file)); names.addAll(Arrays.asList(clss)); - mapPersistentTypeNames(file.getAbsoluteFile().toURL(), - clss); + mapPersistentTypeNames(((File) AccessController + .doPrivileged(J2DoPrivHelper + .getAbsoluteFileAction(file))).toURL(), clss); } } } @@ -656,14 +667,19 @@ for (Iterator itr = urls.iterator(); itr.hasNext();) { url = (URL) itr.next(); if ("file".equals(url.getProtocol())) { - File file = new File(url.getFile()).getAbsoluteFile(); + File file = (File) AccessController + .doPrivileged(J2DoPrivHelper + .getAbsoluteFileAction(new File(url.getFile()))); if (files != null && files.contains(file)) { continue; - } else if (file.isDirectory()) { + } else if (((Boolean) AccessController + .doPrivileged(J2DoPrivHelper.isDirectoryAction(file))) + .booleanValue()) { if (log.isTraceEnabled()) log.trace(_loc.get("scanning-directory", file)); - scan(new FileMetaDataIterator(file, newMetaDataFilter()), - cparser, names, true, file); + scan( + new FileMetaDataIterator(file, newMetaDataFilter()), + cparser, names, true, file); continue; } } Index: openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/meta/InterfaceImplGenerator.java (working copy) @@ -79,8 +79,12 @@ ClassLoader parentLoader = (ClassLoader) AccessController.doPrivileged( J2DoPrivHelper.getClassLoaderAction(iface)); - BCClassLoader loader = new BCClassLoader(_project, parentLoader); - BCClassLoader enhLoader = new BCClassLoader(_enhProject, parentLoader); + BCClassLoader loader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction(_project, + parentLoader)); + BCClassLoader enhLoader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction(_enhProject, + parentLoader)); BCClass bc = _project.loadClass(getClassName(meta)); bc.declareInterface(iface); ClassMetaData sup = meta.getPCSuperclassMetaData(); @@ -86,10 +90,11 @@ ClassMetaData sup = meta.getPCSuperclassMetaData(); if (sup != null) { bc.setSuperclass(sup.getInterfaceImpl()); - enhLoader = new BCClassLoader(_enhProject, - (ClassLoader) AccessController.doPrivileged( - J2DoPrivHelper.getClassLoaderAction( - sup.getInterfaceImpl()))); + enhLoader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction( + _enhProject, (ClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.getClassLoaderAction(sup + .getInterfaceImpl())))); } FieldMetaData[] fields = meta.getDeclaredFields(); Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/ClassResolverImpl.java (working copy) @@ -56,7 +56,8 @@ // construct a multi class loader that will delegate in the order // described in section 12.5 of the spec - MultiClassLoader loader = new MultiClassLoader(); + MultiClassLoader loader = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); if (contextLoader != null) loader.addClassLoader(contextLoader); loader.addClassLoader(threadLoader); Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/GeneratedClasses.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/GeneratedClasses.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/GeneratedClasses.java (working copy) @@ -63,7 +63,9 @@ * Load the class represented by the given bytecode. */ public static Class loadBCClass(BCClass bc, ClassLoader loader) { - BCClassLoader bcloader = new BCClassLoader(bc.getProject(), loader); + BCClassLoader bcloader = (BCClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newBCClassLoaderAction( + bc.getProject(), loader)); try { Class c = Class.forName(bc.getName(), true, bcloader); bc.getProject().clear(); Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/MultiLoaderClassResolver.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/MultiLoaderClassResolver.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/MultiLoaderClassResolver.java (working copy) @@ -18,6 +18,9 @@ */ package org.apache.openjpa.util; +import java.security.AccessController; + +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.MultiClassLoader; /** @@ -28,7 +31,8 @@ */ public class MultiLoaderClassResolver implements ClassResolver { - final private MultiClassLoader _loader = new MultiClassLoader(); + final private MultiClassLoader _loader = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); public MultiLoaderClassResolver() { } Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java (working copy) @@ -61,7 +61,6 @@ import serp.bytecode.Code; import serp.bytecode.JumpInstruction; import serp.bytecode.Project; -import serp.bytecode.BCClassLoader; import serp.util.Strings; /** @@ -87,10 +86,12 @@ _stdCollections.put(List.class, ArrayList.class); if (JavaVersions.VERSION >= 5) { try { - Class queue = Class.forName("java.util.Queue", false, - (ClassLoader) AccessController.doPrivileged( - J2DoPrivHelper.getClassLoaderAction( - Collection.class))); + Class queue = (Class) AccessController + .doPrivileged(J2DoPrivHelper.getForNameAction( + "java.util.Queue", false, + (ClassLoader) AccessController + .doPrivileged(J2DoPrivHelper + .getClassLoaderAction(Collection.class)))); _stdCollections.put(queue, LinkedList.class); } catch (Throwable t) { // not really java 5 after all? Index: openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java =================================================================== --- openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java (revision 562121) +++ openjpa-kernel/src/main/java/org/apache/openjpa/util/Serialization.java (working copy) @@ -28,6 +28,7 @@ import java.io.OutputStream; import java.io.Serializable; import java.security.AccessController; +import java.security.PrivilegedAction; import org.apache.openjpa.conf.OpenJPAConfiguration; import org.apache.openjpa.kernel.StoreContext; @@ -104,7 +105,12 @@ throws IOException { super(delegate); _ctx = ctx; - enableReplaceObject(true); + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + enableReplaceObject(true); + return null; + } + }); } protected Object replaceObject(Object obj) { @@ -123,7 +129,8 @@ protected Class resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException { - MultiClassLoader loader = new MultiClassLoader(); + MultiClassLoader loader = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); addContextClassLoaders(loader); loader.addClassLoader(getClass().getClassLoader()); loader.addClassLoader(MultiClassLoader.SYSTEM_LOADER); @@ -153,7 +160,12 @@ throws IOException { super(delegate); _ctx = ctx; - enableResolveObject(true); + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + enableResolveObject(true); + return null; + } + }); } protected void addContextClassLoaders(MultiClassLoader loader) { Index: openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/ManagedClassSubclasser.java =================================================================== --- openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/ManagedClassSubclasser.java (revision 562121) +++ openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/ManagedClassSubclasser.java (working copy) @@ -19,6 +19,8 @@ package org.apache.openjpa.enhance; import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Map; import java.util.HashMap; import java.util.Collection; @@ -28,6 +30,7 @@ import java.util.Iterator; import org.apache.openjpa.conf.OpenJPAConfiguration; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.util.BytecodeWriter; import org.apache.openjpa.lib.util.Localizer; @@ -169,7 +172,7 @@ } } - private static void write(BCClass bc, PCEnhancer enhancer, + private static void write(final BCClass bc, PCEnhancer enhancer, Map map, Class cls, List subs, List ints) throws IOException { @@ -176,7 +179,12 @@ // ##### java.io.File dir = org.apache.openjpa.lib.util.Files.getPackageFile( new java.io.File("subs"), bc.getPackageName(), true); - bc.write(new java.io.File(dir, bc.getClassName() + ".class")); + try { + AccessController.doPrivileged(J2DoPrivHelper.bCClassWrite(bc, + new java.io.File(dir, bc.getClassName() + ".class"))); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } if (bc == enhancer.getManagedTypeBytecode()) { // if it was already defined, don't put it in the map, Index: openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java =================================================================== --- openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java (revision 562121) +++ openjpa-kernel-5/src/main/java/org/apache/openjpa/enhance/PCEnhancerAgent.java (working copy) @@ -84,9 +84,11 @@ conf.setConnectionDriverName(null); conf.setConnectionFactoryName(null); // set single class resolver - final ClassLoader tmpLoader = new TemporaryClassLoader( - (ClassLoader) AccessController.doPrivileged( - J2DoPrivHelper.getContextClassLoaderAction())); + final ClassLoader tmpLoader = (ClassLoader) AccessController + .doPrivileged(J2DoPrivHelper + .newTemporaryClassLoaderAction((ClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.getContextClassLoaderAction()) + )); conf.setClassResolver(new ClassResolver() { public ClassLoader getClassLoader(Class context, ClassLoader env) { return tmpLoader; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/ant/AbstractTask.java (working copy) @@ -189,7 +189,8 @@ String[] dsFiles = ds.getIncludedFiles(); for (int j = 0; j < dsFiles.length; j++) { File f = new File(dsFiles[j]); - if (!f.isFile()) + if (!((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isFileAction(f))).booleanValue()) f = new File(ds.getBasedir(), dsFiles[j]); files.add((String) AccessController.doPrivileged( J2DoPrivHelper.getAbsolutePathAction(f))); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/ConfigurationImpl.java (working copy) @@ -40,6 +40,7 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -164,7 +165,8 @@ * {@link ProductDerivation}s, and from System properties. */ public boolean loadGlobals() { - MultiClassLoader loader = new MultiClassLoader(); + MultiClassLoader loader = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); loader.addClassLoader((ClassLoader) AccessController.doPrivileged( J2DoPrivHelper.getContextClassLoaderAction())); loader.addClassLoader(getClass().getClassLoader()); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/conf/Configurations.java (working copy) @@ -294,11 +294,13 @@ } File file = new File(path); - if (file.isFile()) + if (((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isFileAction(file))).booleanValue()) provider = ProductDerivations.load(file, anchor, null); else { file = new File("META-INF" + File.separatorChar + path); - if (file.isFile()) + if (((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isFileAction(file))).booleanValue()) provider = ProductDerivations.load(file, anchor, null); else provider = ProductDerivations.load(path, anchor, null); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClassMetaDataIterator.java (working copy) @@ -75,7 +75,8 @@ } if (loader == null) { - MultiClassLoader multi = new MultiClassLoader(); + MultiClassLoader multi = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); multi.addClassLoader(multi.SYSTEM_LOADER); multi.addClassLoader(multi.THREAD_LOADER); multi.addClassLoader(getClass().getClassLoader()); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ClasspathMetaDataIterator.java (working copy) @@ -21,6 +21,7 @@ import java.io.File; import java.io.IOException; import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.Properties; import java.util.zip.ZipFile; @@ -64,11 +65,18 @@ if (!((Boolean) AccessController.doPrivileged( J2DoPrivHelper.existsAction(file))).booleanValue()) continue; - if (file.isDirectory()) + if (((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isDirectoryAction(file))).booleanValue()) addIterator(new FileMetaDataIterator(file, filter)); - else if (tokens[i].endsWith(".jar")) - addIterator(new ZipFileMetaDataIterator(new ZipFile(file), - filter)); + else if (tokens[i].endsWith(".jar")) { + try { + ZipFile zFile = (ZipFile) AccessController + .doPrivileged(J2DoPrivHelper.newZipFileAction(file)); + addIterator(new ZipFileMetaDataIterator(zFile, filter)); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } + } } } Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java (working copy) @@ -92,7 +92,8 @@ if (filter.matches(rsrc)) metas.add(file); else { - File[] files = file.listFiles(); + File[] files = (File[]) AccessController + .doPrivileged(J2DoPrivHelper.listFilesAction(file)); if (files != null) for (int i = 0; i < files.length; i++) scanned = scan(files[i], filter, rsrc, metas, scanned); @@ -110,7 +111,8 @@ throw new NoSuchElementException(); _file = (File) _itr.next(); - return _file.getAbsoluteFile().toURL(); + return ((File) AccessController.doPrivileged(J2DoPrivHelper + .getAbsoluteFileAction(_file))).toURL(); } public InputStream getInputStream() throws IOException { Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/ResourceMetaDataIterator.java (working copy) @@ -57,7 +57,8 @@ public ResourceMetaDataIterator(String rsrc, ClassLoader loader) throws IOException { if (loader == null) { - MultiClassLoader multi = new MultiClassLoader(); + MultiClassLoader multi = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); multi.addClassLoader(multi.SYSTEM_LOADER); multi.addClassLoader(multi.THREAD_LOADER); multi.addClassLoader(getClass().getClassLoader()); Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/XMLMetaDataParser.java (working copy) @@ -271,7 +271,8 @@ public void parse(File file) throws IOException { if (file == null) return; - if (!file.isDirectory()) + if (!((Boolean) AccessController.doPrivileged(J2DoPrivHelper + .isDirectoryAction(file))).booleanValue()) parse(new FileMetaDataIterator(file)); else { String suff = (_suffix == null) ? "" : _suffix; Index: openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java =================================================================== --- openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java (revision 562121) +++ openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java (working copy) @@ -23,13 +23,23 @@ import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; +import java.lang.reflect.AccessibleObject; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; import java.net.URL; import java.net.URLConnection; +import java.net.UnknownHostException; import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; +import java.util.zip.ZipFile; + import serp.bytecode.BCClass; +import serp.bytecode.BCClassLoader; import serp.bytecode.Code; +import serp.bytecode.FieldInstruction; +import serp.bytecode.Project; /** * Helper class to obtain the Privilege(Exception)Action object to perform @@ -36,6 +46,8 @@ * Java 2 doPrivilege security sensitive function call in the following * methods: *
    + *
  • AccessibleObject.setAccessible + *
  • Class.forName *
  • Class.getClassLoader *
  • Class.getDeclaredField *
  • Class.getDeclaredFields @@ -47,10 +59,14 @@ *
  • ClassLoader.getResource *
  • ClassLoader.getResources *
  • ClassLoader.getSystemClassLoader + *
  • File.delete *
  • File.exists + *
  • File.getAbsoluteFile *
  • File.getAbsolutePath *
  • File.getCanonicalPath + *
  • File.listFiles *
  • File.length + *
  • File.isDirectory *
  • File.mkdirs *
  • File.renameTo *
  • FileInputStream new @@ -56,12 +72,23 @@ *
  • FileInputStream new *
  • FileOutputStream new *
  • System.getProperties + *
  • InetAddress.getByName + *
  • MultiClassLoader new + *
  • ServerSocket new + *
  • Socket new + *
  • Socket.accept *
  • System.getProperty *
  • Thread.getContextClassLoader + *
  • TemporaryClassLoader new *
  • URL.openStream *
  • URLConnection.getContent + *
  • ZipFile new *
  • serp.bytecode.Code new - *
  • serp.bytecode.BCClass.isInstanceOf + *
  • serp.bytecode.BCClassLoader new + *
  • serp.bytecode.BCClass.write + *
  • serp.bytecode.BCClass.getFields + *
  • serp.bytecode.FieldInstruction.getField + *
  • serp.bytecode.Project.loadClass *
* * If these methods are used, the following sample usage patterns should be @@ -145,6 +172,45 @@ } /** + * Return a PrivilegeAction object for aObj.setAccessible(). + * + * Requires security policy: 'permission java.lang.reflect.ReflectPermission + * "suppressAccessChecks";' + */ + public static final PrivilegedAction setAccessibleAction( + final AccessibleObject aObj, final boolean flag) { + return new PrivilegedAction() { + public Object run() { + aObj.setAccessible(flag); + return (Object) null; + } + }; + } + + /** + * Return a PrivilegeAction object for Class.forName(). + * + * Notes: doPriv of Class.forName call is required only if the input + * classloader argument is null. E.g. + * + * Class.forName("x", false, Collection.class.getClassLoader()); + * + * Requires security policy: 'permission java.lang.RuntimePermission + * "getClassLoader";' + * + * @return Classloader + */ + public static final PrivilegedExceptionAction getForNameAction( + final String className, final boolean initializeBoolean, + final ClassLoader classLoader) { + return new PrivilegedExceptionAction() { + public Object run() throws ClassNotFoundException { + return Class.forName(className, initializeBoolean, classLoader); + } + }; + } + + /** * Return a PrivilegeAction object for clazz.getClassloader(). * * Notes: No doPrivilege wrapping is required in the caller if: @@ -151,7 +217,7 @@ * "the caller's class loader is not null and the caller's class loader * is not the same as or an ancestor of the class loader for the class * whose class loader is requested". E.g. - * + * * this.getClass().getClassLoader(); * * Requires security policy: @@ -156,7 +222,7 @@ * * Requires security policy: * 'permission java.lang.RuntimePermission "getClassLoader";' - * + * * @return Classloader */ public static final PrivilegedAction getClassLoaderAction( @@ -345,6 +411,22 @@ } /** + * Return a PrivilegeAction object for f.delete(). + * + * Requires security policy: + * 'permission java.io.FilePermission "delete";' + * + * @return Boolean + */ + public static final PrivilegedAction deleteAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.delete() ? Boolean.TRUE : Boolean.FALSE; + } + }; + } + + /** * Return a PrivilegeAction object for f.exists(). * * Requires security policy: @@ -349,7 +431,7 @@ * * Requires security policy: * 'permission java.io.FilePermission "read";' - * + * * @return Boolean */ public static final PrivilegedAction existsAction(final File f) { @@ -365,6 +447,22 @@ } /** + * Return a PrivilegeAction object for f.getAbsoluteFile(). + * + * Requires security policy: + * 'permission java.util.PropertyPermission "read";' + * + * @return File + */ + public static final PrivilegedAction getAbsoluteFileAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.getAbsoluteFile(); + } + }; + } + + /** * Return a PrivilegeAction object for f.getAbsolutePath(). * * Requires security policy: @@ -369,7 +467,7 @@ * * Requires security policy: * 'permission java.util.PropertyPermission "read";' - * + * * @return String */ public static final PrivilegedAction getAbsolutePathAction(final File f) { @@ -399,6 +497,38 @@ } /** + * Return a PrivilegeAction object for f.isDirectory(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Boolean + */ + public static final PrivilegedAction isDirectoryAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.isDirectory() ? Boolean.TRUE : Boolean.FALSE; + } + }; + } + + /** + * Return a PrivilegeAction object for f.isFile(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return Boolean + */ + public static final PrivilegedAction isFileAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.isFile() ? Boolean.TRUE : Boolean.FALSE; + } + }; + } + + /** * Return a PrivilegeAction object for f.length(). * * Requires security policy: @@ -403,7 +533,7 @@ * * Requires security policy: * 'permission java.io.FilePermission "read";' - * + * * @return Long */ public static final PrivilegedAction lengthAction(final File f) { @@ -415,6 +545,22 @@ } /** + * Return a PrivilegeAction object for f.listFiles(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return File[] + */ + public static final PrivilegedAction listFilesAction(final File f) { + return new PrivilegedAction() { + public Object run() { + return f.listFiles(); + } + }; + } + + /** * Return a PrivilegeAction object for f.mkdirs(). * * Requires security policy: @@ -419,7 +565,7 @@ * * Requires security policy: * 'permission java.io.FilePermission "write";' - * + * * @return Boolean */ public static final PrivilegedAction mkdirsAction(final File f) { @@ -502,6 +648,78 @@ } /** + * Return a PrivilegedExceptionAction object for InetAdress.getByName(). + * + * Requires security policy: + * 'permission java.net.SocketPermission "connect";' + * + * @return InetAddress + * @throws UnknownHostException + */ + public static final PrivilegedExceptionAction getByNameAction( + final String hostname) throws UnknownHostException { + return new PrivilegedExceptionAction() { + public Object run() throws UnknownHostException { + return InetAddress.getByName(hostname); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for new Socket(). + * + * Requires security policy: + * 'permission java.net.SocketPermission "connect";' + * + * @return Socket + * @throws IOException + */ + public static final PrivilegedExceptionAction newSocketAction( + final InetAddress host, final int port) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return new Socket(host, port); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for new ServerSocket(). + * + * Requires security policy: + * 'permission java.net.SocketPermission "listen";' + * + * @return ServerSocket + * @throws IOException + */ + public static final PrivilegedExceptionAction newServerSocketAction( + final int port) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return new ServerSocket(port); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for ServerSocket.accept(). + * + * Requires security policy: + * 'permission java.net.SocketPermission "listen";' + * + * @return Socket + * @throws IOException + */ + public static final PrivilegedExceptionAction acceptAction( + final ServerSocket ss) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return ss.accept(); + } + }; + } + + /** * Return a PrivilegeAction object for System.getProperties(). * * Requires security policy: @@ -506,7 +724,7 @@ * * Requires security policy: * 'permission java.util.PropertyPermission "read";' - * + * * @return Properties */ public static final PrivilegedAction getPropertiesAction() { @@ -587,6 +805,24 @@ } /** + * Return a PrivilegedExceptionAction object for new ZipFile(). + * + * Requires security policy: + * 'permission java.io.FilePermission "read";' + * + * @return ZipFile + * @throws IOException + */ + public static final PrivilegedExceptionAction newZipFileAction(final File f) + throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + return new ZipFile(f); + } + }; + } + + /** * Return a PrivilegeAction object for new serp.bytecode.Code(). * * Requires security policy: @@ -591,7 +827,7 @@ * * Requires security policy: * 'permission java.lang.RuntimePermission "getClassLoader";' - * + * * @return serp.bytecode.Code */ public static final PrivilegedAction newCodeAction() { @@ -601,4 +837,133 @@ } }; } + + /** + * Return a PrivilegeAction object for new TemporaryClassLoader(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "createClassLoader";' + * + * @return TemporaryClassLoader + */ + public static final PrivilegedAction newTemporaryClassLoaderAction( + final ClassLoader parent) { + return new PrivilegedAction() { + public Object run() { + return new TemporaryClassLoader(parent); + } + }; + } + + /** + * Return a PrivilegeAction object for new MultiClassLoader(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "createClassLoader";' + * + * @return MultiClassLoader + */ + public static final PrivilegedAction newMultiClassLoaderAction() { + return new PrivilegedAction() { + public Object run() { + return new MultiClassLoader(); + } + }; + } + + /** + * Return a PrivilegeAction object for new BCClassLoader(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "createClassLoader";' + * + * @return BCClassLoader + */ + public static final PrivilegedAction newBCClassLoaderAction( + final Project project, final ClassLoader parent) { + return new PrivilegedAction() { + public Object run() { + return new BCClassLoader(project, parent); + } + }; + } + + public static final PrivilegedAction newBCClassLoaderAction( + final Project project) { + return new PrivilegedAction() { + public Object run() { + return new BCClassLoader(project); + } + }; + } + + /** + * Return a PrivilegedExceptionAction object for BCClass.write(). + * + * Requires security policy: + * 'permission java.io.FilePermission "write";' + * + * @return File + * @throws IOException + */ + public static final PrivilegedExceptionAction bCClassWrite( + final BCClass bc, final File f) throws IOException { + return new PrivilegedExceptionAction() { + public Object run() throws IOException { + bc.write(f); + return null; + } + }; + } + + /** + * Return a PrivilegeAction object for BCClass.getFields(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return BCField + */ + public static final PrivilegedAction getBCClassFieldsAction( + final BCClass bcClass, final String fieldName) { + return new PrivilegedAction() { + public Object run() { + return bcClass.getFields(fieldName); + } + }; + } + + /** + * Return a PrivilegeAction object for FieldInstruction.getField(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "getClassLoader";' + * + * @return BCField + */ + public static final PrivilegedAction getFieldInstructionFieldAction( + final FieldInstruction instruction) { + return new PrivilegedAction() { + public Object run() { + return instruction.getField(); + } + }; + } + + /** + * Return a PrivilegeAction object for Project.loadClass(). + * + * Requires security policy: + * 'permission java.lang.RuntimePermission "createClassLoader";' + * + * @return BCClass + */ + public static final PrivilegedAction loadProjectClassAction( + final Project project, final Class clazz) { + return new PrivilegedAction() { + public Object run() { + return project.loadClass(clazz); + } + }; + } } Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataSerializer.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataSerializer.java (revision 562121) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/AnnotationPersistenceMetaDataSerializer.java (working copy) @@ -19,6 +19,7 @@ package org.apache.openjpa.persistence; import org.apache.openjpa.lib.meta.SourceTracker; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.lib.util.JavaVersions; import org.apache.openjpa.lib.log.Log; @@ -29,6 +30,8 @@ import org.apache.openjpa.util.InternalException; import org.apache.commons.lang.StringUtils; +import java.security.AccessController; +import java.security.PrivilegedActionException; import java.util.*; import java.io.File; import java.io.IOException; @@ -1194,10 +1197,15 @@ } public void serialize(File file, int flags) throws IOException { - FileWriter out = new FileWriter(file.getCanonicalPath(), - (flags & APPEND) > 0); - serialize(out, flags); - out.close(); + try { + FileWriter out = new FileWriter((String) AccessController + .doPrivileged(J2DoPrivHelper.getCanonicalPathAction(file)), + (flags & APPEND) > 0); + serialize(out, flags); + out.close(); + } catch (PrivilegedActionException pae) { + throw (IOException) pae.getException(); + } } public void serialize(Writer out, int flags) throws IOException { Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java (revision 562121) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java (working copy) @@ -204,7 +204,8 @@ String[] prefixes = ProductDerivations.getConfigurationPrefixes(); String rsrc = null; for (int i = 0; i < prefixes.length && StringUtils.isEmpty(rsrc); i++) - rsrc = System.getProperty(prefixes[i] + ".properties"); + rsrc = (String) AccessController.doPrivileged(J2DoPrivHelper + .getPropertyAction(prefixes[i] + ".properties")); boolean explicit = !StringUtils.isEmpty(rsrc); String anchor = null; int idx = (!explicit) ? -1 : rsrc.lastIndexOf('#'); Index: openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java =================================================================== --- openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java (revision 562121) +++ openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java (working copy) @@ -93,9 +93,9 @@ } public ClassLoader getNewTempClassLoader() { - return new TemporaryClassLoader( - (ClassLoader) AccessController.doPrivileged( - J2DoPrivHelper.getContextClassLoaderAction())); + return (ClassLoader) AccessController.doPrivileged(J2DoPrivHelper + .newTemporaryClassLoaderAction((ClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.getContextClassLoaderAction()))); } public String getPersistenceUnitName() { @@ -201,7 +201,8 @@ } public void addJarFileName(String name) { - MultiClassLoader loader = new MultiClassLoader(); + MultiClassLoader loader = (MultiClassLoader) AccessController + .doPrivileged(J2DoPrivHelper.newMultiClassLoaderAction()); loader.addClassLoader(getClass().getClassLoader()); loader.addClassLoader(MultiClassLoader.THREAD_LOADER); URL url = (URL) AccessController.doPrivileged( Index: openjpa-persistence-jdbc/src/test/resources/j2.security.jse.policy =================================================================== --- openjpa-persistence-jdbc/src/test/resources/j2.security.jse.policy (revision 0) +++ openjpa-persistence-jdbc/src/test/resources/j2.security.jse.policy (revision 0) @@ -0,0 +1,62 @@ +// ================================================================ +// Example JSE Java 2 security policy required by OpenJPA. +// +// -Djava.security.manager -Djava.security.policy=C:\j2.security.jse.policy + +// ---------------------------------------------------------------- +// Application: E.g. +// -Dapplication=file:///C:/com/my/appl/classes + +grant CodeBase "${application}/-" { + + // Allows Persistence.createEntityManagerFacotry() to read META-INF/* + permission java.io.FilePermission "<>", "read"; +}; + +// ---------------------------------------------------------------- +// Derby: E.g. +// -Dderby.base="file:///C:\.m2\repository\org\apache\derby\derby\10.2.2.0 + +grant CodeBase "${derby.base}/-" { + + permission java.io.FilePermission "<>", "read,write,delete"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.util.PropertyPermission "*", "read"; +}; + +// ---------------------------------------------------------------- +// DB2: E.g. +// -db2.base=file:///C:/sqllib/java + +grant CodeBase "${db2.base}/-" { + + permission java.lang.RuntimePermission "loadLibrary.*"; + permission java.util.PropertyPermission "*", "read"; +}; + + +// ================================================================ +// The following permissions are required by OpenJPA implementation. + +// ---------------------------------------------------------------- +// Serp: E.g. +// -Dserp.base="file:///C:\.m2\repository\net\sourceforge\serp\serp\1.11.0" + +grant CodeBase "${serp.base}/-" { + + permission java.io.FilePermission "<>", "read,write"; + permission java.lang.RuntimePermission "createClassLoader"; +}; + +// ---------------------------------------------------------------- +// OpeJPA: E.g. +// -Dopenjpa.base=file:///C:\openjpa.cur\openjpa-all\target + +grant CodeBase "${openjpa.base}/-" { + + permission java.io.FilePermission "<>", "read,write"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.util.PropertyPermission "*", "read"; +}; + Index: openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy =================================================================== --- openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy (revision 562121) +++ openjpa-persistence-jdbc/src/test/resources/j2.security.test.policy (working copy) @@ -34,49 +34,3 @@ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.util.PropertyPermission "*", "read,write"; }; - - -// ================================================================ -// The following permissions are required by OpenJPA implementation. -grant CodeBase "${application}/openjpa-1.0.0-SNAPSHOT.jar" { - - // class.getClassLoader() - // thread.getContextClassLoader() - // classloader.getParent() - // classloader.getSystemClassLoader() - // new serp.bytecode.Code() - // serp.bytecode.BCClass.isInstanceOf() - // class.newInstance() - // - permission java.lang.RuntimePermission "getClassLoader"; - - // urlConnection.getContext() - // url.openStream() - // classloader.getResource() - // classloader.getResources() - // new FileInputStream() - // file.exists() - // - permission java.io.FilePermission "<>", "read"; - - // file.mkdirs() - // file.renameTo() - // new FileOutputStream() - // - permission java.io.FilePermission "<>", "write"; - - // class.getDeclaredField() - // class.getDeclaredFields() - // class.getDeclaredMethod() - // class.getDeclaredMethods() - // - permission java.lang.RuntimePermission "accessDeclaredMembers"; - - // System.getProperty() - // System.getPrperties() - // File.getAbsolutePath() - // File.getCanonicalPath() - // - permission java.util.PropertyPermission "*", "read"; -}; -