Hello!
Seems that Liferay PACL security rules doesn't support some JDBC libraries like orbroker (http://code.google.com/p/orbroker/) and blocks connections to data source. And this cannot be fixed only with PACL settings liferay-plugin-package.property file.
This is blocking issue for us, because we cannot post application into Marketplace with security off.
In our project we got two types of issues:
1. "Attempt to reflect", which is caused by ReflectChecker. This checker doesn't have rules for java.io.ObjectStreamClass which is used by postgres jdbc driver so we got an exception (only few classes are allowed to reflect in Liferay sources).
This appear in Liferay CE 6.1.1+ and in Liferay EE 6.1.20
2. In Liferay CE (but not in EE) we can fix previous issue with adding "security-manager-sockets-connect" with address of our postgres server (no ideas how this affects reflect checker), but this leads to another two problems:
- for production version we must fill "security-manager-sockets-connect" with list of
all addresses we want to connect, but this is impossible, because we cannot predict all addresses of DB servers which users can use
- even if we add this addresses, we got another exception with RuntimeChecker: in Liferay sources it allows read file descriptor only from java.lang.ProcessImpl, but in our code we connect to DB via network, and code fail on checking read file descriptor permission from java.net.SocketInputStream.
It will be great if PACL will be more flexible without a lot of hardcoded restrictions.
