[
https://issues.apache.org/jira/browse/JDO-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12614817#action_12614817
]
Craig Russell commented on JDO-555:
-----------------------------------
The ROF class still has the issue. This code (appears in two places) is
problematic.
if (cls != null && cls.getName().equals("java.util.Map"))
{
// Spec 14.6.12 If user specifies java.util.Map, then impl chooses
its own implementation Map class
try
{
tmpClass = Class.forName("java.util.HashMap", true,
cls.getClassLoader());
}
catch (ClassNotFoundException cnfe)
{
tmpClass = cls;
}
}
else
{
tmpClass = cls;
}
I think the line
tmpClass = Class.forName("java.util.HashMap", true,
cls.getClassLoader());
needs to be wrapped in a doPrivileged block, or a simpler implementation, e.g.
tmpClass = Class.forName("java.util.HashMap");
It's not obvious to me that we need to cater for a different java.util.HashMap
class in the user's classpath instead of the implementation's classpath.
> All calls to Class.getMethod and Method.invoke (among others) need to be
> invoked inside a doPrivileged block.
> -------------------------------------------------------------------------------------------------------------
>
> Key: JDO-555
> URL: https://issues.apache.org/jira/browse/JDO-555
> Project: JDO
> Issue Type: Bug
> Components: api2, api2-legacy
> Affects Versions: JDO 2 maintenance release 1
> Reporter: Matthew T. Adams
> Assignee: Andy Jefferson
> Priority: Minor
> Fix For: JDO 2 maintenance release 2
>
> Attachments: ClassMetaData.java-patch, datanucleus.patch,
> datanucleus.patch, jdo-555.patch, jdo-555.patch, jdo-555.patch, xmlbean.patch
>
>
> Discovered in review of patch to JDO-545.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
