On 3/21/2013 6:02 AM, Steve Ebersole wrote:
> Working with the new TCK I ran across 2 situations I'd like to discuss with the group.
>
> First, the new TCK is now including assertions that EntityManager.getProperties() contains properties used to build the
> EntityManagerFactory that was used to create the EntityManager. In my opinion the spec does not say anywhere that this
> should be the case. Can anyone point me to where it does if I am wrong (or else the TCK needs to be fixed for that)?
>
I don't believe it does. This sounds like a bug.
> Secondly, the types of properties the TCK is checking for got me thinking. It checks for some sensitive information like
> JDBC url and user and password. These are things we expose and are kind of forced to expose at the moment. I'd like to
> suggest that we update the spec to explicitly state that some of these properties are not available period, at the very
> least javax.persistence.jdbc.password though I'd argue for javax.persistence.jdbc.url and javax.persistence.jdbc.user as
> well.
Are you referring to EMF.getProperties? I wouldn't expect these to be available from EM.getProperties.
I think it is reasonable that an environment be able to restrict the availability of such information.
I think that adding something like the following to the discussion of the EMF interface in the spec would
be reasonable:
Note that the policies of the installation environment may restrict some information from being made
available through the getProperties method (for example, JDBC user, password, URL).