From d..@apache.org
Subject svn commit: r540658 - /db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
Date Tue, 22 May 2007 17:35:31 GMT
Author: djd
Date: Tue May 22 10:35:30 2007
New Revision: 540658

URL: http://svn.apache.org/viewvc?view=rev&rev=540658
Log:
Patch to not attempt to reload the security policy if no security manager is installed by
the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY procedure.
Also cleanup the procedure implementation to be self contained by using an anonymous inner
class for the privilege block. This removes a security hole where other code could use the
previous public class to perform policy refreshes. Also fix the exception handling to correctly
catch SecurityException; previously the code only caught checked exceptions, which are not
thrown by Policy.getPolicy().refresh().

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java?view=diff&rev=540658&r1=540657&r2=540658
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java Tue May
22 10:35:30 2007
@@ -21,9 +21,8 @@
 
 package org.apache.derby.catalog;
 
-import java.security.AccessControlException;
 import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedAction;
 import java.security.Policy;
 import java.sql.Connection;
 import java.sql.DatabaseMetaData;
@@ -77,20 +76,6 @@
      */
     public  static String SQLERRMC_MESSAGE_DELIMITER = new String(new char[] {(char)20,(char)20,(char)20});
 
-    public  static  class   ReloadPolicyAction   implements PrivilegedExceptionAction
-    {
-        public     ReloadPolicyAction() {}
-       
-        public  Object  run()
-        throws Exception
-        {
-            Policy          policy = Policy.getPolicy();
-            
-            policy.refresh();
-        
-            return null;
-        }
-    }
 	/**
 	  Method used by Derby Network Server to get localized message (original call
 	  from jcc.
@@ -1444,14 +1429,24 @@
     public static void SYSCS_RELOAD_SECURITY_POLICY()
         throws SQLException
     {
-        ReloadPolicyAction             reloadPolicyAction = new ReloadPolicyAction();
-
+        // If no security manager installed then there
+        // is no policy to refresh. Calling Policy.getPolicy().refresh()
+        // without a SecurityManager seems to lock in a policy with
+        // no permissions thus ignoring the system property java.security.policy
+        // when later installing a SecurityManager.
+        if (System.getSecurityManager() == null)
+            return;
+        
         try {
-            AccessController.doPrivileged( reloadPolicyAction );
-        }
-        catch (Exception e)
-        {
-            throw Util.policyNotReloaded( e );
+            AccessController.doPrivileged(
+                    new PrivilegedAction() {
+                        public Object run() {
+                            Policy.getPolicy().refresh();
+                            return null;
+                        }
+                    });
+        } catch (SecurityException se) {
+            throw Util.policyNotReloaded(se);
         }
     }
 
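Review bot: The `public static` SYSCS_RELOAD_SECURITY_POLICY() still runs `Policy.getPolicy().refresh()` inside `doPrivileged` with no check on who called it, so removing the public ReloadPolicyAction class does not by itself restrict this entry point. Any code in the JVM that can invoke the method directly would have the refresh performed under the engine's protection domain rather than its own. If access is meant to be controlled only by SQL execute privileges on the procedure, state that above the privileged block, for example `// No caller permission check here; access is expected to be limited by SQL routine privileges (confirm).`, or check a caller permission before entering `doPrivileged`. Separately, the catch was narrowed from `Exception` to `SecurityException`, so any other unchecked exception thrown by a custom Policy's `refresh()` now escapes without going through `Util.policyNotReloaded`; it is worth confirming that this is intended.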


