OpenJPA
  1. OpenJPA
  2. OPENJPA-369

AccessDeclaredMembers RuntimePermission requires by Solaris JDK with security enabled

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.0
    • Fix Version/s: 1.0.1, 1.1.0
    • Component/s: jdbc
    • Labels:
      None
    • Environment:
      Solaris

      Description

      On Solaris, its Java runtime AnnotatedElement.isAnnotationPresent() method implementation requires "RuntimePermission accessDeclaredMembers" permission, even though it is not documented.

      This requirement does not applied to the JDK on (at least) Win32 and Linux.

      -------------------------------------------------------------
      Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Please refer to InfoCenter for further information.

      Permission:
      accessDeclaredMembers : access denied (java.lang.RuntimePermission accessDeclaredMembers)

      Code:
      suite.r70.base.jpaspec.entity.service.impl.AbstractDatatypeSupportTestEntityService in

      {file:/opt/WAS4/profiles/AppSrv01/installedApps/muonNode01Cell/EJB3JPAEntityBeanApp.ear/EJB3JPAEntityBean.jar}

      Stack Trace:
      java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
      at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
      at java.security.AccessController.checkPermission(AccessController.java:427)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
      at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
      at java.lang.Class.checkMemberAccess(Class.java:2125)
      at java.lang.Class.getDeclaredMethods(Class.java:1762)
      at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81)
      at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64)
      at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202)
      at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69)
      at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52)
      at java.lang.Class.initAnnotationsIfNecessary(Class.java:3031)
      at java.lang.Class.getAnnotation(Class.java:2989)
      at java.lang.Class.isAnnotationPresent(Class.java:3001)
      at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parseClassAnnotations(AnnotationPersistenceMetaDataParser.java:466)
      at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parse(AnnotationPersistenceMetaDataParser.java:349)
      at org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:229)
      at org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:470)
      at org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:290)
      at org.apache.openjpa.kernel.BrokerImpl.persist(BrokerImpl.java:2371)
      at org.apache.openjpa.kernel.BrokerImpl.persist(BrokerImpl.java:2224)
      at org.apache.openjpa.kernel.DelegatingBroker.persist(DelegatingBroker.java:1005)
      at org.apache.openjpa.persistence.EntityManagerImpl.persist(EntityManagerImpl.java:541)
      at suite.r70.base.jpaspec.entity.service.impl.AbstractDatatypeSupportTestEntityService.doCreateIDatatypeSupportTestEntity(AbstractDatatypeSupportTestEntityService.java:47)

      Albert Lee.

      1. OPENJPA-369.patch
        17 kB
        Albert Lee
      2. OPENJPA-369.2.patch
        26 kB
        Albert Lee
      3. OPENJPA-369.10x.patch
        26 kB
        Albert Lee

        Activity

        Hide
        Albert Lee added a comment -

        Identify another related AnnotatedElement access required by Solaris JDK.

        Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
        at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
        at java.lang.Class.checkMemberAccess(Class.java:2125)
        at java.lang.Class.getDeclaredMethods(Class.java:1762)
        at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81)
        at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64)
        at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202)
        at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69)
        at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52)
        at java.lang.reflect.Field.declaredAnnotations(Field.java:1002)
        at java.lang.reflect.Field.getDeclaredAnnotations(Field.java:995)
        at java.lang.reflect.AccessibleObject.getAnnotations(AccessibleObject.java:179)
        at org.apache.openjpa.persistence.PersistenceMetaDataDefaults.usesAccess(PersistenceMetaDataDefaults.java

        Show
        Albert Lee added a comment - Identify another related AnnotatedElement access required by Solaris JDK. Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189) at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662) at java.lang.Class.checkMemberAccess(Class.java:2125) at java.lang.Class.getDeclaredMethods(Class.java:1762) at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81) at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64) at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202) at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69) at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52) at java.lang.reflect.Field.declaredAnnotations(Field.java:1002) at java.lang.reflect.Field.getDeclaredAnnotations(Field.java:995) at java.lang.reflect.AccessibleObject.getAnnotations(AccessibleObject.java:179) at org.apache.openjpa.persistence.PersistenceMetaDataDefaults.usesAccess(PersistenceMetaDataDefaults.java
        Hide
        Albert Lee added a comment -

        Find 2 more instances that need doPriv:

        --------------------------------
        Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
        at java.security.AccessController.checkPermission(AccessController.java:427)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
        at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
        at java.lang.Class.checkMemberAccess(Class.java:2125)
        at java.lang.Class.getDeclaredMethods(Class.java:1762)
        at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81)
        at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64)
        at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202)
        at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69)
        at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52)
        at java.lang.reflect.Method.declaredAnnotations(Method.java:676)
        at java.lang.reflect.Method.getDeclaredAnnotations(Method.java:669)
        at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parseCallbackMethods(AnnotationPersistenceMetaDataParser.java:828)
        at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parseClassAnnotations(AnnotationPersistenceMetaDataParser.java:593)
        at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parse(AnnotationPersistenceMetaDataParser.java:351)
        at org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:229)
        at org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:470)
        at org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:290)
        at org.apache.openjpa.kernel.BrokerImpl.persist(BrokerImpl.java:2372)
        --------------------------------
        Stack Dump = java.security.AccessControlException: Access denied (java.lang.RuntimePermission modifyThread)
        at java.security.AccessController.checkPermission(AccessController.java:104)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
        at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189)
        at com.ibm.ws.security.core.SecurityManager.checkAccess(SecurityManager.java:299)
        at java.lang.Thread.checkAccess(Thread.java:397)
        at java.lang.Thread.setDaemon(Thread.java:839)
        at org.apache.openjpa.datacache.DataCacheScheduler.scheduleEviction(DataCacheScheduler.java:105)
        at org.apache.openjpa.datacache.AbstractDataCache.initialize(AbstractDataCache.java:89)
        at org.apache.openjpa.datacache.ConcurrentDataCache.initialize(ConcurrentDataCache.java:91)
        at org.apache.openjpa.datacache.DataCacheManagerImpl.initialize(DataCacheManagerImpl.java:51)
        at org.apache.openjpa.conf.OpenJPAConfigurationImpl.getDataCacheManagerInstance(OpenJPAConfigurationImpl.java:614)
        at org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:182)
        at org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:142)
        at org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:192)
        at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:35)
        at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:25)
        at com.ibm.ws.jpa.management.JPAEMFactory.createEntityManager(JPAEMFactory.java:100)
        at suite.r70.base.openjpa.datacache.tests.ejb.EJB_AMRLSF_DataCacheTestBean.createEntityManagers(EJB_AMRLSF_DataCacheTestBean.java:99)
        --------------------------------

        Show
        Albert Lee added a comment - Find 2 more instances that need doPriv: -------------------------------- Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189) at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662) at java.lang.Class.checkMemberAccess(Class.java:2125) at java.lang.Class.getDeclaredMethods(Class.java:1762) at sun.reflect.annotation.AnnotationType.<init>(AnnotationType.java:81) at sun.reflect.annotation.AnnotationType.getInstance(AnnotationType.java:64) at sun.reflect.annotation.AnnotationParser.parseAnnotation(AnnotationParser.java:202) at sun.reflect.annotation.AnnotationParser.parseAnnotations2(AnnotationParser.java:69) at sun.reflect.annotation.AnnotationParser.parseAnnotations(AnnotationParser.java:52) at java.lang.reflect.Method.declaredAnnotations(Method.java:676) at java.lang.reflect.Method.getDeclaredAnnotations(Method.java:669) at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parseCallbackMethods(AnnotationPersistenceMetaDataParser.java:828) at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parseClassAnnotations(AnnotationPersistenceMetaDataParser.java:593) at org.apache.openjpa.persistence.AnnotationPersistenceMetaDataParser.parse(AnnotationPersistenceMetaDataParser.java:351) at org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:229) at org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:470) at org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:290) at org.apache.openjpa.kernel.BrokerImpl.persist(BrokerImpl.java:2372) -------------------------------- Stack Dump = java.security.AccessControlException: Access denied (java.lang.RuntimePermission modifyThread) at java.security.AccessController.checkPermission(AccessController.java:104) at java.lang.SecurityManager.checkPermission(SecurityManager.java:547) at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:189) at com.ibm.ws.security.core.SecurityManager.checkAccess(SecurityManager.java:299) at java.lang.Thread.checkAccess(Thread.java:397) at java.lang.Thread.setDaemon(Thread.java:839) at org.apache.openjpa.datacache.DataCacheScheduler.scheduleEviction(DataCacheScheduler.java:105) at org.apache.openjpa.datacache.AbstractDataCache.initialize(AbstractDataCache.java:89) at org.apache.openjpa.datacache.ConcurrentDataCache.initialize(ConcurrentDataCache.java:91) at org.apache.openjpa.datacache.DataCacheManagerImpl.initialize(DataCacheManagerImpl.java:51) at org.apache.openjpa.conf.OpenJPAConfigurationImpl.getDataCacheManagerInstance(OpenJPAConfigurationImpl.java:614) at org.apache.openjpa.kernel.AbstractBrokerFactory.newBroker(AbstractBrokerFactory.java:182) at org.apache.openjpa.kernel.DelegatingBrokerFactory.newBroker(DelegatingBrokerFactory.java:142) at org.apache.openjpa.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:192) at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:35) at com.ibm.ws.persistence.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:25) at com.ibm.ws.jpa.management.JPAEMFactory.createEntityManager(JPAEMFactory.java:100) at suite.r70.base.openjpa.datacache.tests.ejb.EJB_AMRLSF_DataCacheTestBean.createEntityManagers(EJB_AMRLSF_DataCacheTestBean.java:99) --------------------------------
        Hide
        Albert Lee added a comment -

        Add doPriv(s) security access required by Solaris JDK.

        Show
        Albert Lee added a comment - Add doPriv(s) security access required by Solaris JDK.
        Hide
        Albert Lee added a comment -

        Per discussion with Patrick and Kevin, add a new openjpa-lib-5 module to host the 1.5 specific doPriv actions, which allows the 1.4 modules compilation to succeed.

        Apologize for this oversight in the original patch submission.

        Albert Lee.

        Show
        Albert Lee added a comment - Per discussion with Patrick and Kevin, add a new openjpa-lib-5 module to host the 1.5 specific doPriv actions, which allows the 1.4 modules compilation to succeed. Apologize for this oversight in the original patch submission. Albert Lee.
        Hide
        Albert Lee added a comment -

        Attached the same patch but for the 1.0.x branch.

        Show
        Albert Lee added a comment - Attached the same patch but for the 1.0.x branch.

          People

          • Assignee:
            Albert Lee
            Reporter:
            Albert Lee
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development