[ https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614817#action_12614817 ]
Craig Russell commented on JDO-555:
-----------------------------------

The ROF class still has the issue. This code (appears in two places) is problematic.

    if (cls != null && cls.getName().equals("java.util.Map")) {
        // Spec 14.6.12 If user specifies java.util.Map, then impl chooses its own implementation Map class
        try {
            tmpClass = Class.forName("java.util.HashMap", true, cls.getClassLoader());
        } catch (ClassNotFoundException cnfe) {
            tmpClass = cls;
        }
    } else {
        tmpClass = cls;
    }

I think the line

    tmpClass = Class.forName("java.util.HashMap", true, cls.getClassLoader());

needs to be wrapped in a doPrivileged block, or a simpler implementation, e.g.

    tmpClass = Class.forName("java.util.HashMap");

It's not obvious to me that we need to cater for a different java.util.HashMap class in the user's classpath instead of the implementation's classpath.

> All calls to Class.getMethod and Method.invoke (among others) need to be invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: JDO-555
>                 URL: https://issues.apache.org/jira/browse/JDO-555
>             Project: JDO
>          Issue Type: Bug
>          Components: api2, api2-legacy
>    Affects Versions: JDO 2 maintenance release 1
>            Reporter: Matthew T. Adams
>            Assignee: Andy Jefferson
>            Priority: Minor
>             Fix For: JDO 2 maintenance release 2
>
>         Attachments: ClassMetaData.java-patch, datanucleus.patch, datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
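
The doPrivileged wrapping suggested in the comment above, as an added example that is not part of the original message or of the JDO code base. The class name `MapImplResolver` and the method name `resolveMapImpl` are hypothetical; the lookup and fallback mirror the quoted snippet.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;

public class MapImplResolver {

    // Hypothetical helper: returns the implementation class to instantiate
    // for a requested type, following the logic of the quoted snippet.
    static Class<?> resolveMapImpl(final Class<?> cls) {
        if (cls == null || !"java.util.Map".equals(cls.getName())) {
            return cls;
        }
        try {
            // Both cls.getClassLoader() and Class.forName(...) run inside the
            // privileged action, so the security manager checks this library's
            // permissions rather than those of every caller on the stack.
            // The class name is a constant and the action returns only the
            // resolved Class, so the caller cannot use the elevated scope to
            // load anything else.
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<Class<?>>() {
                    public Class<?> run() throws ClassNotFoundException {
                        return Class.forName(
                            "java.util.HashMap", true, cls.getClassLoader());
                    }
                });
        } catch (PrivilegedActionException pae) {
            // The checked ClassNotFoundException arrives wrapped; fall back
            // to the requested class, as the original catch block does.
            return cls;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one that triggers the Map substitution and
        // one that passes through unchanged.
        System.out.println(resolveMapImpl(Map.class));
        System.out.println(resolveMapImpl(String.class));
    }
}
```

On Java 17 and later `AccessController` is deprecated for removal (JEP 411), so this compiles with a deprecation warning there.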