diff --git a/openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java b/openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java
index ff35d3a25..c770456ac 100644
--- a/openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java
+++ b/openjpa-kernel/src/main/java/org/apache/openjpa/meta/AbstractCFMetaDataFactory.java
@@ -19,6 +19,7 @@
package org.apache.openjpa.meta;
import java.io.File;
+import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
@@ -656,9 +657,15 @@ public abstract class AbstractCFMetaDataFactory
if (log.isTraceEnabled())
log.trace(_loc.get("scan-found-names", clss, file));
names.addAll(Arrays.asList(clss));
- mapPersistentTypeNames(((File) AccessController
+ File f = (File) AccessController
.doPrivileged(J2DoPrivHelper
- .getAbsoluteFileAction(file))).toURL(), clss);
+ .getAbsoluteFileAction(file));
+ try {
+ mapPersistentTypeNames(AccessController
+ .doPrivileged(J2DoPrivHelper.toURLAction(f)), clss);
+ } catch (PrivilegedActionException pae) {
+ throw (FileNotFoundException) pae.getException();
+ }
}
}
}
diff --git a/openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java b/openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java
index 9e325dab5..97aeb1f94 100644
--- a/openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java
+++ b/openjpa-kernel/src/main/java/org/apache/openjpa/util/ProxyManagerImpl.java
@@ -517,7 +517,8 @@ public class ProxyManagerImpl
boolean runtime) {
assertNotFinal(type);
Project project = new Project();
- BCClass bc = project.loadClass(getProxyClassName(type, runtime));
+ BCClass bc = (BCClass) AccessController.doPrivileged(J2DoPrivHelper
+ .loadProjectClassAction(project, getProxyClassName(type, runtime)));
bc.setSuperclass(type);
bc.declareInterface(ProxyCollection.class);
@@ -554,7 +555,8 @@ public class ProxyManagerImpl
protected BCClass generateProxyMapBytecode(Class type, boolean runtime) {
assertNotFinal(type);
Project project = new Project();
- BCClass bc = project.loadClass(getProxyClassName(type, runtime));
+ BCClass bc = (BCClass) AccessController.doPrivileged(J2DoPrivHelper
+ .loadProjectClassAction(project, getProxyClassName(type, runtime)));
bc.setSuperclass(type);
bc.declareInterface(ProxyMap.class);
@@ -573,7 +575,8 @@ public class ProxyManagerImpl
protected BCClass generateProxyDateBytecode(Class type, boolean runtime) {
assertNotFinal(type);
Project project = new Project();
- BCClass bc = project.loadClass(getProxyClassName(type, runtime));
+ BCClass bc = (BCClass) AccessController.doPrivileged(J2DoPrivHelper
+ .loadProjectClassAction(project, getProxyClassName(type, runtime)));
bc.setSuperclass(type);
bc.declareInterface(ProxyDate.class);
@@ -592,7 +595,8 @@ public class ProxyManagerImpl
boolean runtime) {
assertNotFinal(type);
Project project = new Project();
- BCClass bc = project.loadClass(getProxyClassName(type, runtime));
+ BCClass bc = (BCClass) AccessController.doPrivileged(J2DoPrivHelper
+ .loadProjectClassAction(project, getProxyClassName(type, runtime)));
bc.setSuperclass(type);
bc.declareInterface(ProxyCalendar.class);
@@ -626,7 +630,8 @@ public class ProxyManagerImpl
}
Project project = new Project();
- BCClass bc = project.loadClass(getProxyClassName(type, runtime));
+ BCClass bc = (BCClass) AccessController.doPrivileged(J2DoPrivHelper
+ .loadProjectClassAction(project, getProxyClassName(type, runtime)));
bc.setSuperclass(type);
bc.declareInterface(ProxyBean.class);
diff --git a/openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java b/openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java
index a2d69da6e..d63f2365b 100644
--- a/openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java
+++ b/openjpa-lib/src/main/java/org/apache/openjpa/lib/meta/FileMetaDataIterator.java
@@ -24,6 +24,7 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.net.MalformedURLException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
@@ -111,8 +112,14 @@ public class FileMetaDataIterator implements MetaDataIterator {
throw new NoSuchElementException();
_file = (File) _itr.next();
- return ((File) AccessController.doPrivileged(J2DoPrivHelper
- .getAbsoluteFileAction(_file))).toURL();
+ try {
+ File f = (File) AccessController.doPrivileged(J2DoPrivHelper
+ .getAbsoluteFileAction(_file));
+ return AccessController.doPrivileged(
+ J2DoPrivHelper.toURLAction(f));
+ } catch (PrivilegedActionException pae) {
+ throw (MalformedURLException) pae.getException();
+ }
}
public InputStream getInputStream() throws IOException {
diff --git a/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java b/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java
index 838759865..32cb35f1e 100644
--- a/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java
+++ b/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java
@@ -25,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.AccessibleObject;
import java.net.InetAddress;
+import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URL;
@@ -69,6 +70,7 @@ import serp.bytecode.Project;
* File.isDirectory
* File.mkdirs
* File.renameTo
+ * File.toURL
* FileInputStream new
* FileOutputStream new
* System.getProperties
@@ -593,6 +595,24 @@ public abstract class J2DoPrivHelper {
};
}
+ /**
+ * Return a PrivilegedExceptionAction object for f.toURL().
+ *
+ * Requires security policy:
+ * 'permission java.io.FilePermission "read";'
+ *
+ * @return Boolean
+ * @throws MalformedURLException
+ */
+ public static final PrivilegedExceptionAction toURLAction(final File file)
+ throws MalformedURLException {
+ return new PrivilegedExceptionAction() {
+ public Object run() throws MalformedURLException {
+ return file.toURL();
+ }
+ };
+ }
+
/**
* Return a PrivilegedExceptionAction object for new FileInputStream().
*
@@ -966,4 +986,21 @@ public abstract class J2DoPrivHelper {
}
};
}
+
+ /**
+ * Return a PrivilegeAction object for Project.loadClass().
+ *
+ * Requires security policy:
+ * 'permission java.lang.RuntimePermission "getClassLoader";'
+ *
+ * @return BCClass
+ */
+ public static final PrivilegedAction loadProjectClassAction(
+ final Project project, final String clazzName) {
+ return new PrivilegedAction() {
+ public Object run() {
+ return project.loadClass(clazzName);
+ }
+ };
+ }
}
diff --git a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java
index 630162b7e..48f6e534f 100644
--- a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java
+++ b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceProductDerivation.java
@@ -20,6 +20,7 @@ package org.apache.openjpa.persistence;
import java.io.File;
import java.io.IOException;
+import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
@@ -458,7 +459,12 @@ public class PersistenceProductDerivation
@Override
public void parse(File file)
throws IOException {
- _source = file.toURL();
+ try {
+ _source = (URL) AccessController.doPrivileged(J2DoPrivHelper
+ .toURLAction(file));
+ } catch (PrivilegedActionException pae) {
+ throw (MalformedURLException) pae.getException();
+ }
super.parse(file);
}
diff --git a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java
index 29393ad92..8596d2321 100644
--- a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java
+++ b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/PersistenceUnitInfoImpl.java
@@ -24,6 +24,7 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.AccessController;
+import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -219,8 +220,12 @@ public class PersistenceUnitInfoImpl
if (cp[i].equals(name)
|| cp[i].endsWith(File.separatorChar + name)) {
try {
- addJarFile(new File(cp[i]).toURL());
+ addJarFile((URL) AccessController
+ .doPrivileged(J2DoPrivHelper
+ .toURLAction(new File(cp[i]))));
return;
+ } catch (PrivilegedActionException pae) {
+ break;
} catch (MalformedURLException mue) {
break;
}