[jira] Created: (OWB-312) Add dopriv's to allow OWB to function with java 2 security enabled

Tue, 02 Mar 2010 07:54:50 -0800 

Add dopriv's to allow OWB to function with java 2 security enabled
------------------------------------------------------------------

                 Key: OWB-312
                 URL: https://issues.apache.org/jira/browse/OWB-312
             Project: OpenWebBeans
          Issue Type: Bug
            Reporter: Jacquelle Leggett
            Assignee: Gurkan Erdogdu


When using OWB with java 2 security enabled, my application requires the 
following permissions:

  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "getProtectionDomain"; 

The associated errors do not appear to be strategic security exceptions; 
therefore, dopriv blocks should be added to the appropriate sections of code.  
Adding dopriv blocks to AnnotationUtil and ClassUtil, will resolve most of the 
issues based on the SecurityExceptions I saw.

java.security.AccessControlException: Access denied 
(java.lang.RuntimePermission accessDeclaredMembers)
        at 
java.security.AccessController.checkPermission(AccessController.java:108)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
        at 
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
        at 
java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
        at java.lang.Class.checkMemberAccess(Class.java:109)
        at java.lang.Class.getDeclaredMethods(Class.java:668)
        at 
org.apache.webbeans.util.AnnotationUtil.hasAnnotationMember(AnnotationUtil.java:457)
        at 
org.apache.webbeans.container.InjectionResolver.findByQualifier(InjectionResolver.java:523)
        at 
org.apache.webbeans.container.InjectionResolver.implResolveByType(InjectionResolver.java:410)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to