db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r544870 - in /db/derby/code/trunk/java: engine/ engine/org/apache/derby/authentication/ engine/org/apache/derby/security/ testing/org/apache/derbyTesting/unitTests/ testing/org/apache/derbyTesting/unitTests/junit/
Date Wed, 06 Jun 2007 15:42:54 GMT
Author: rhillegas
Date: Wed Jun  6 08:42:53 2007
New Revision: 544870

URL: http://svn.apache.org/viewvc?view=rev&rev=544870
Log:
DERBY-2109: Committed Martin's patch which creates the Derby permissions and principal classes.

Added:
    db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/security/
    db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java   (with props)
    db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml   (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java   (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy   (with props)
Modified:
    db/derby/code/trunk/java/engine/build.xml
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/build.xml
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java

Modified: db/derby/code/trunk/java/engine/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/build.xml?view=diff&rev=544870&r1=544869&r2=544870
==============================================================================
--- db/derby/code/trunk/java/engine/build.xml (original)
+++ db/derby/code/trunk/java/engine/build.xml Wed Jun  6 08:42:53 2007
@@ -61,6 +61,7 @@
     <ant dir="${derby.engine.dir}/jdbc"/>
     <ant dir="${derby.engine.dir}/osgi"/>
     <ant dir="${derby.engine.dir}/catalog"/>
+    <ant dir="${derby.engine.dir}/security"/>
     <ant dir="${derby.engine.dir}/diag"/>
       	<copy todir="${out.dir}/${derby.dir}">
           <fileset dir="${derby.engine.dir}">

Added: db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java Wed Jun  6 08:42:53 2007
@@ -0,0 +1,99 @@
+/*
+
+   Derby - Class org.apache.derby.authentication.DatabasePrincipal
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.authentication;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * This class represents Derby's notion of a principal, a concept of
+ * user identity with controlled access to Derby-specific privileges.
+ * An authenticated user may have other identities which make sense in
+ * other code domains.
+ */
+public class DatabasePrincipal implements Principal, Serializable {
+
+    /**
+     * The name of the principal.
+     */
+    private final String userName;
+
+    /**
+     * Constructs a principal with the specified name.
+     *
+     * @param userName the name of the principal
+     */
+    public DatabasePrincipal(String userName) {
+        this.userName = userName;
+    }
+
+    /**
+     * Compares this principal to the specified object. Returns true if
+     * the object passed in matches the principal represented by the
+     * implementation of this interface.
+     *
+     * @param other principal to compare with
+     * @return true if the principal passed in is the same as that
+     *         encapsulated by this principal, and false otherwise
+     * @see Principal.equal()
+     */
+    public boolean equals(Object other) {
+        if (other == null) {
+            return false;
+        }
+        if (!(other instanceof DatabasePrincipal)) {
+            return false;
+        }
+        final DatabasePrincipal that = (DatabasePrincipal)other;
+        return this.getName().equals(that.getName());
+    }
+
+    /**
+     * Returns the name of this principal.
+     *
+     * @return the name of this principal
+     * @see Principal.getName()
+     */
+    public String getName() {
+        return userName;
+    }
+
+    /**
+     * Returns a hashcode for this principal.
+     *
+     * @return a hashcode for this principal
+     * @see Principal.hashCode()
+     */
+    public int hashCode() {
+        return getName().hashCode();
+    }
+
+    /**
+     * Returns a string representation of this principal.
+     *
+     * @return a string representation of this principal
+     * @see Principal.toString()
+     */
+    public String toString() {
+        return this.getClass().getName() + "(" + getName() + ")";
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/authentication/DatabasePrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java Wed Jun  6 08:42:53 2007
@@ -0,0 +1,452 @@
+/*
+
+   Derby - Class org.apache.derby.security.DatabasePermission
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.security;
+
+import java.security.Permission;
+
+import java.util.Set;
+import java.util.HashSet;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+
+
+/**
+ * This class represents access to database-scoped privileges.
+ *
+ * An example of database-scoped privileges is the permission to create
+ * a database under a specified directory path.
+ * <p>
+ * A DatabasePermission is defined by two string attributes, similar to
+ * a java.io.FilePermission:
+ * <ul>
+ * <li> <i>URL</i> - a location description of or for a Derby database
+ * <li> <i>Actions</i> - a list of granted administrative actions
+ * </ul>
+ * The database location URL may contain certain wildcard characters.
+ * The currently only supported database action is <i>create</i>.
+ *
+ * @see DatabasePermission(String,String)
+ * @see SystemPermission
+ * @see java.io.FilePermission
+ */
+public class DatabasePermission extends Permission {
+
+    /**
+     * The URL protocol scheme specifying a directory location.
+     */
+    static public final String URL_PROTOCOL_DIRECTORY = "directory:";
+
+    /**
+     * The URL file path separator character.
+     */
+    static public final char URL_PATH_SEPARATOR_CHAR = '/';
+
+    /**
+     * The relative path character.
+     */
+    static public final char URL_PATH_RELATIVE_CHAR = '.';
+
+    /**
+     * The wildcard character specifying arbitrarily named databases
+     * under a directory path.
+     */
+    static public final char URL_PATH_WILDCARD_CHAR = '*';
+
+    /**
+     * The wildcard character specifying arbitrarily named databases
+     * anywhere under a path and its subdirectories.
+     */
+    static public final char URL_PATH_RECURSIVE_CHAR = '-';
+
+    // derived path type constants
+    static public final String URL_PATH_SEPARATOR_STRING
+        = String.valueOf(URL_PATH_SEPARATOR_CHAR);
+    static public final String URL_PATH_RELATIVE_STRING
+        = String.valueOf(URL_PATH_RELATIVE_CHAR);
+    static public final String URL_PATH_RELATIVE_PREFIX
+        = (URL_PATH_RELATIVE_STRING + URL_PATH_SEPARATOR_CHAR);
+    static public final String URL_PATH_WILDCARD_STRING
+        = String.valueOf(URL_PATH_WILDCARD_CHAR);
+    static public final String URL_PATH_WILDCARD_SUFFIX
+        = (URL_PATH_SEPARATOR_STRING + URL_PATH_WILDCARD_CHAR);
+    static public final String URL_PATH_RECURSIVE_STRING
+        = String.valueOf(URL_PATH_RECURSIVE_CHAR);
+    static public final String URL_PATH_RECURSIVE_SUFFIX
+        = (URL_PATH_SEPARATOR_STRING + URL_PATH_RECURSIVE_CHAR);
+
+    /**
+     * The create database permission.
+     */
+    static public final String CREATE = "create";
+
+    /**
+     * The legal database permission action names.
+     */
+    static protected final Set LEGAL_ACTIONS = new HashSet();
+    static {
+        // when adding new actions, check method: implies(Permission)
+        LEGAL_ACTIONS.add(CREATE);
+    };
+
+    /**
+     * The original location URL passed to constructor.
+     */
+    private final String url;
+
+    /**
+     * This permission's canonical directory path.
+     *
+     * The path consists of a canonicalized form of the user-specified URL,
+     * stripped off the protocol specification and any recursive/wildcard
+     * characters.  The canonical path is used when testing permissions
+     * with implies(), where real directory locations, not just notational
+     * differences, ought to be compared.  Analog to java.io.FilePermission,
+     * the canonical path is also used by equals() and hashCode() to support
+     * hashing and mapping of permissions by their real directory locations.
+     *
+     * Because canonical file paths are platform dependent, this field
+     * must not be serialized (hence transient) but be recomputed from
+     * the original URL upon deserialization.
+     */
+    private transient String path;
+
+    /**
+     * The parent directory of this permission's canonical directory path,
+     * or null if this permission's path does not name a parent directory.
+     *
+     * Because canonical file paths are platform dependent, this field
+     * must not be serialized (hence transient) but be recomputed from
+     * the original URL upon deserialization.
+     */
+    private transient String parentPath;
+
+    /**
+     * Indicates whether the path denotes a recursive, wildcard, or single
+     * location.
+     *
+     * If the path denotes a recursive or wildcard location, this field's
+     * value is URL_PATH_RECURSIVE_CHAR or URL_PATH_WILDCARD_CHAR,
+     * respectively; otherwise, it's URL_PATH_SEPARATOR_CHAR denoting a
+     * single location.
+     */
+    private char pathType;
+
+    /**
+     * Creates a new DatabasePermission with the specified URL and actions.
+     * <P>
+     * <i>actions</i> contains a comma-separated list of the desired actions
+     * granted on a database. Currently, the only supported action is
+     * <code>create</code>.
+     * <P>
+     * <i>URL</i> denotes a database location URL, which, at this time, must
+     * start with <code>directory:</code> followed by a directory pathname.
+     * Note that in a URL, the separator character is always "/" rather than
+     * the file separator of the operating-system.  The directory path may
+     * be absolute or relative, in which case it is prefixed with the current
+     * user directory. In addition, similar to java.io.FilePermission, the
+     * directory pathname may end with a wildcard character to allow for
+     * arbitrarily named databases under a path:
+     * <ul>
+     * <li> "directory:location" - refers to a database called
+     *      <i>location</i>,
+     * <li> "directory:location/*" - refers to any database in the
+     *      directory <i>location</i>,
+     * <li> "directory:location/-" - refers to any database anywhere under
+     *      <i>location</i> or its subdirectories.
+     * <li> "directory:*" - refers to any database in the user's current
+     *      working directory.
+     * <li> "directory:-" - refers to any database anywhere under the
+     *      user's current working directory or its subdirectories.
+     * </ul>
+     * Note that in contrast to FilePermission, there is no reasonable use
+     * for a special pathname "<<ALL FILES>>" matching all locations.
+     *
+     * @param url the database URL
+     * @param actions the action string
+     * @throws NullPointerException if an argument is null
+     * @throws IllegalArgumentException if an argument is not legal
+     * @throws IOException if the location URL cannot be canonicalized
+     * @see Permission(String)
+     * @see FilePermission(String,String)
+     */
+    public DatabasePermission(String url, String actions)
+        throws IOException {
+        super(url);
+        initActions(actions);
+        initLocation(url);
+
+        // store original URL for reconstructing path at deserialization
+        this.url = url;
+    }
+
+    /**
+     * Parses the list of database actions.
+     *
+     * @param actions the comma-separated action list
+     * @throws NullPointerException if actions is null
+     * @throws IllegalArgumentException if not a list of legal actions
+     */
+    protected void initActions(String actions) {
+        // note that exception messages on the action list aren't localized,
+        // as is the general rule with runtime exceptions indicating
+        // internal coding errors
+
+        // analog to java.security.BasicPermission, we check that actions
+        // is not null nor empty
+	if (actions == null) {
+	    throw new NullPointerException("actions can't be null");
+        }
+	if (actions.length() == 0) {
+	    throw new IllegalArgumentException("actions can't be empty");
+	}
+
+        // splitting the comma-separated list into the individual actions
+        // may throw a java.util.regex.PatternSyntaxException, which is a
+        // java.lang.IllegalArgumentException, hence directly applicable
+        final String[] s = actions.split(",");
+
+        // check for any illegal actions
+        for (int i = 0; i < s.length; i++) {
+            final String action = s[i].trim();
+            if (!LEGAL_ACTIONS.contains(action)) {
+                // report illegal action
+                final String msg = "Illegal action '" + action + "'";
+                //System.out.println("DatabasePermission: " + msg);
+                throw new IllegalArgumentException(msg);
+            }
+        }
+    }
+
+    /**
+     * Parses the database location URL.
+     *
+     * @param url the database URL
+     * @throws NullPointerException if the URL is null
+     * @throws IllegalArgumentException if the URL is not well-formed
+     * @throws IOException if the location URL cannot be canonicalized
+     */
+    protected void initLocation(String url)
+        throws IOException {
+        // note that exception messages on the URL aren't localized,
+        // as is the general rule with runtime exceptions indicating
+        // internal coding errors
+
+        // analog to java.security.BasicPermission, we check that URL
+        // is not null nor empty
+	if (url == null) {
+	    throw new NullPointerException("URL can't be null");
+        }
+	if (url.length() == 0) {
+	    throw new IllegalArgumentException("URL can't be empty");
+	}
+
+        // check URL's protocol scheme and initialize path
+        if (!url.startsWith(URL_PROTOCOL_DIRECTORY)) {
+            final String msg = "Unsupported protocol in URL '" + url + "'";
+            //System.out.println("DatabasePermission: " + msg);
+            throw new IllegalArgumentException(msg);
+        }
+        String p = url.substring(URL_PROTOCOL_DIRECTORY.length());
+
+        // check path for relative/recursive/wildcard specifications,
+        // split path into real pathname and the path type
+        if (p.equals(URL_PATH_RECURSIVE_STRING)) {
+            // relative & recursive:  "-" --> '-', "./"
+            pathType = URL_PATH_RECURSIVE_CHAR;
+            p = URL_PATH_RELATIVE_PREFIX;
+        } else if (p.equals(URL_PATH_WILDCARD_STRING)) {
+            // relative & wildcard:   "*" --> '*', "./"
+            pathType = URL_PATH_WILDCARD_CHAR;
+            p = URL_PATH_RELATIVE_PREFIX;
+        } else if (p.endsWith(URL_PATH_RECURSIVE_SUFFIX)) {
+            // absolute & recursive:  "<path>/-" --> '-', "<path>/"
+            pathType = URL_PATH_RECURSIVE_CHAR;
+            p = p.substring(0, p.length() - 1);
+        } else if (p.endsWith(URL_PATH_WILDCARD_SUFFIX)) {
+            // absolute & wildcard:   "<path>/*" --> '*', "<path>/"
+            pathType = URL_PATH_WILDCARD_CHAR;
+            p = p.substring(0, p.length() - 1);
+        } else {
+            // absolute | relative:   "<path>" --> '/', "<path>"
+            pathType = URL_PATH_SEPARATOR_CHAR;
+            // p = p;
+        }
+
+        // resolve against user's working directory if relative pathname
+        if (p.startsWith(URL_PATH_RELATIVE_PREFIX)) {
+            final String cwd = System.getProperty("user.dir");
+            // concatenated path "<cwd>/./<path>" will be canonicalized
+            p = cwd + URL_PATH_SEPARATOR_STRING + p;
+        }
+
+        // store canonicalized path as required for implies(Permission);
+        // may throw IOException 
+        final File f = (new File(p)).getCanonicalFile();
+        this.path = f.getPath();
+
+        // store canonicalized path of parent file as required for
+        // implies(Permission); may throw IOException; note that
+        // the path already denotes parent directory if of wildcard type:
+        // for example, the parent of "/a/-" or "/a/*" is "/a"
+        this.parentPath = ((pathType != URL_PATH_SEPARATOR_CHAR)
+                           ? path : f.getParent());
+
+        //assert (pathType == URL_PATH_SEPARATOR_CHAR
+        //        || pathType == URL_PATH_WILDCARD_CHAR
+        //        || pathType == URL_PATH_RECURSIVE_CHAR);
+        //assert (path != null);
+    }
+
+    /**
+     * Checks if this DatabasePermission implies a specified permission.
+     * <P>
+     * This method returns true if:<p>
+     * <ul>
+     * <li> <i>p</i> is an instanceof DatabasePermission and<p>
+     * <li> <i>p</i>'s directory pathname is implied by this object's
+     *      pathname. For example, "/tmp/*" implies "/tmp/foo", since
+     *      "/tmp/*" encompasses the "/tmp" directory and all files in that
+     *      directory, including the one named "foo".
+     * </ul>
+     * @param p the permission to check against
+     * @return true if the specified permission is implied by this object,
+     * false if not
+     * @see Permission.implies(Permission)
+     */
+    public boolean implies(Permission p) {
+        //System.out.println("this = " + this);
+        //System.out.println("that = " + p);
+
+        // can only imply other DatabasePermissions
+        if (!(p instanceof DatabasePermission)) {
+            return false;
+        }
+        final DatabasePermission that = (DatabasePermission)p;
+
+        // a recursive permission implies any other if a path prefix
+        if (this.pathType == URL_PATH_RECURSIVE_CHAR) {
+            return (that.parentPath != null
+                    && that.parentPath.startsWith(this.path));
+        }
+        //assert (this.pathType != URL_PATH_RECURSIVE_CHAR);
+
+        // a non-recursive permission cannot imply a recursive one
+        if (that.pathType == URL_PATH_RECURSIVE_CHAR) {
+            return false;
+        }
+        //assert (that.pathType != URL_PATH_RECURSIVE_CHAR);
+
+        //System.out.println("");
+        
+        // a wildcard permission implies another if a parent directory
+        if (this.pathType == URL_PATH_WILDCARD_CHAR) {
+            return this.path.equals(that.parentPath);
+        }
+        //assert (this.pathType != URL_PATH_WILDCARD_CHAR);
+
+        // a non-wildcard permission cannot imply a wildcard one
+        if (that.pathType == URL_PATH_WILDCARD_CHAR) {
+            return false;
+        }
+        //assert (that.pathType != URL_PATH_WILDCARD_CHAR);
+
+        // non-recursive, non-wildcard permissions imply when paths are equal
+        //assert (this.pathType == URL_PATH_SEPARATOR_CHAR);
+        //assert (that.pathType == URL_PATH_SEPARATOR_CHAR);
+        return this.path.equals(that.path);
+    }
+
+    /**
+     * Checks two DatabasePermission objects for equality.
+     * <P>
+     * Checks that <i>obj</i> is a DatabasePermission and has the same
+     * canonizalized URL and actions as this object.
+     * <P>
+     * @param obj the object we are testing for equality with this object
+     * @return true if obj is a DatabasePermission, and has the same URL and
+     * actions as this DatabasePermission object, false if not
+     *
+     * @see Permission.equals(Object)
+     */
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+
+        if (!(obj instanceof DatabasePermission)) {
+            return false;
+        }
+        final DatabasePermission that = (DatabasePermission)obj;
+
+        // compare canonicalized URLs
+        return (path.equals(that.path) && pathType == that.pathType);
+    }
+
+    /**
+     * Returns the hash code value for this object.
+     *
+     * @return a hash code value for this object
+     * @see Permission.hashCode()
+     */
+    public int hashCode() {
+        // hash canonicalized URL
+        return (path.hashCode() ^ pathType);
+    }
+
+    /**
+     * Returns the "canonical string representation" of the actions.
+     *
+     * @return the canonical string representation of the actions
+     * @see Permission.getActions()
+     */
+    public String getActions() {
+        // currently, the only supported action
+        return CREATE;
+    }
+
+
+    /**
+     * Called upon Serialization for saving the state of this
+     * DatabasePermission to a stream.
+     */
+    private void writeObject(ObjectOutputStream s)
+        throws IOException {
+        // write the non-static and non-transient fields to the stream
+        s.defaultWriteObject();
+    }
+
+    /**
+     * Called upon Deserialization for restoring the state of this
+     * DatabasePermission from a stream.
+     */
+    private void readObject(ObjectInputStream s)
+         throws IOException, ClassNotFoundException
+    {
+        // read the non-static and non-transient fields from the stream
+        s.defaultReadObject();
+        // restore the platform-dependent path from the original URL
+        initLocation(url);
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java Wed Jun  6 08:42:53 2007
@@ -0,0 +1,80 @@
+/*
+
+   Derby - Class org.apache.derby.security.SystemPermission
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derby.security;
+
+import java.security.BasicPermission;
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * This class represents access to system-wide Derby privileges.
+ */
+public class SystemPermission extends BasicPermission {
+
+    /**
+     * The engine shutdown permission.
+     */
+    static public final String SHUTDOWN = "shutdownEngine";
+
+    /**
+     * The legal system permission names.
+     */
+    static protected final Set LEGAL_PERMISSIONS = new HashSet();    
+    static {
+        // when adding new permissions, check whether to override inherited
+        // method: implies(Permission)
+        LEGAL_PERMISSIONS.add(SHUTDOWN);
+    };
+
+    /**
+     * Checks a name for denoting a legal SystemPermission.
+     *
+     * @param name the name of a SystemPermission
+     * @throws IllegalArgumentException if name is not a legal SystemPermission
+     */
+    static protected void checkPermission(String name) {
+        // superclass BasicPermission has checked that name isn't null
+        // (NullPointerException) or empty (IllegalArgumentException)
+        //assert(name != null);
+        //assert(!name.equals(""));
+
+        // note that exception messages on the name aren't localized,
+        // as is the general rule with runtime exceptions indicating
+        // internal coding errors
+        if (!LEGAL_PERMISSIONS.contains(name)) {
+            throw new IllegalArgumentException("Unknown permission " + name);
+        }
+    }
+    
+    /**
+     * Creates a new SystemPermission with the specified name.
+     *
+     * @param name the name of the SystemPermission
+     * @throws NullPointerException if name is null
+     * @throws IllegalArgumentException if name is empty or not a legal SystemPermission
+     * @see BasicPermission(String)
+     */
+    public SystemPermission(String name) {
+        super(name);
+        checkPermission(name);
+    }
+}

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/security/SystemPermission.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml (added)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml Wed Jun  6 08:42:53 2007
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+
+<project default="security" basedir="../../../../../..">
+
+<!-- Set Properties -->
+  <!-- User settings -->
+  <property file="${user.home}/ant.properties"/>
+  <!-- Set property lib dir -->
+  <property name="properties.dir" value="tools/ant/properties"/>
+  <!-- Significant dirs -->
+  <property file="${properties.dir}/dirs.properties"/>
+  <!-- Compiler settings -->
+  <property file="${properties.dir}/defaultcompiler.properties"/>
+  <property file="${properties.dir}/${build.compiler}.properties"/>
+  <!-- Compile-time classpath properties files -->
+  <property file="${properties.dir}/extrapath.properties"/>
+  <property file="${properties.dir}/compilepath.properties"/>
+
+<!-- Targets -->
+  <target name="security" depends="compile_security"/>
+
+  <target name="compile_security">
+    <javac
+      source="1.4"
+      target="1.4"
+      bootclasspath="${empty}"
+      nowarn="on"
+      debug="${debug}"
+      depend="${depend}"
+      deprecation="${deprecation}"
+      optimize="${optimize}"
+      proceed="${proceed}"
+      verbose="${verbose}"
+      srcdir="${derby.engine.src.dir}"
+      destdir="${out.dir}">
+      <classpath>
+        <pathelement path="${compile.classpath}"/>
+      </classpath>
+      <include name="${derby.dir}/security/**"/>
+    </javac>
+  </target>
+
+</project>

Propchange: db/derby/code/trunk/java/engine/org/apache/derby/security/build.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/build.xml?view=diff&rev=544870&r1=544869&r2=544870
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/build.xml (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/build.xml Wed Jun  6 08:42:53 2007
@@ -74,7 +74,11 @@
       </classpath>
       <include name="${derby.testing.unittest.dir}/**/*.java"/>
     </javac>
-  </target>
+    <copy todir="${out.dir}/${derby.testing.unittest.dir}">
+      <fileset dir="${derby.testing.src.dir}/${derby.testing.unittest.dir}" 
+        includes="**/*.policy"/>  
+    </copy>
+  </target> 
 
 <!--             ============= End Targets ==============                -->
 

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java Wed Jun  6 08:42:53 2007
@@ -0,0 +1,582 @@
+/*
+
+   Derby - Class org.apache.derbyTesting.unitTests.junit.SystemPrivilegesPermissionTest
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to you under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derbyTesting.unitTests.junit;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.derbyTesting.junit.BaseTestCase;
+import org.apache.derbyTesting.junit.SecurityManagerSetup;
+
+import java.util.Set;
+import java.util.HashSet;
+
+import java.io.IOException;
+
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
+import java.security.AccessController;
+import java.security.AccessControlException;
+import java.security.Permission;
+import javax.security.auth.Subject;
+
+import org.apache.derby.authentication.DatabasePrincipal;
+import org.apache.derby.security.SystemPermission;
+import org.apache.derby.security.DatabasePermission;
+
+
+/**
+ * This class tests the basic permission classes for system privileges.
+ */
+public class SystemPrivilegesPermissionTest extends BaseTestCase {
+
+    /**
+     * This test's policy file.
+     */
+    static private String POLICY_FILE_NAME
+        = "org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy";
+
+    /**
+     * Some directory paths for testing DatabasePermissions.
+     */
+    static private final String[] dirPaths = {
+        "-",
+        "*",
+        "level0",
+        "level0a",
+        "level0/-",
+        "level0/*",
+        "level0/level1",
+        "level0/level1/level2"
+    };
+
+    /**
+     * Some relative directory paths for testing DatabasePermissions.
+     */
+    static private final String[] relDirPaths
+        = new String[dirPaths.length];
+    static {
+        for (int i = 0; i < relDirPaths.length; i++) {
+            relDirPaths[i] = "directory:" + dirPaths[i];
+        }
+    };
+
+    /**
+     * Some relative directory path aliases for testing DatabasePermissions.
+     */
+    static private final String[] relDirPathAliases
+        = new String[dirPaths.length];
+    static {
+        for (int i = 0; i < relDirPaths.length; i++) {
+            relDirPathAliases[i] = "directory:./" + dirPaths[i];
+        }
+    };
+
+    /**
+     * Some absolute directory paths for testing DatabasePermissions.
+     */
+    static private final String[] absDirPaths
+        = new String[dirPaths.length];
+    static {
+        for (int i = 0; i < relDirPaths.length; i++) {
+            absDirPaths[i] = "directory:/" + dirPaths[i];
+        }
+    };
+
+    /**
+     * Some absolute directory path aliases for testing DatabasePermissions.
+     */
+    static private final String[] absDirPathAliases
+        = new String[dirPaths.length];
+    static {
+        for (int i = 0; i < relDirPaths.length; i++) {
+            absDirPathAliases[i] = "directory:/dummy/../" + dirPaths[i];
+        }
+    };
+
+    /**
+     * The matrix defining which of the above directory paths imply each other.
+     *
+     * For instance, dirPathImplications[1][2] shows the expected value for:
+     * <ul>
+     * <li> DP("directory:*").implies(DP(directory:level0"))
+     * <li> DP("directory:./*").implies(DP(directory:./level0"))
+     * <li> DP("directory:/*").implies(DP(directory:/level0"))
+     * <li> DP("directory:/dummy/..*").implies(DP(directory:/dummy/..level0"))
+     * </ul>
+     */
+    static private final boolean[][] dirPathImplications = {
+        { true, true, true, true, true, true, true, true }, 
+        { false, true, true, true, false, false, false, false },
+        { false, false, true, false, false, false, false, false },
+        { false, false, false, true, false, false, false, false },
+        { false, false, false, false, true, true, true, true },
+        { false, false, false, false, false, true, true, false },
+        { false, false, false, false, false, false, true, false },
+        { false, false, false, false, false, false, false, true }
+    };    
+    
+    /**
+     * Add decorators to a test run to establish a security manager
+     * with this test's policy file.
+     */
+    static private Test decorateTest(String method) {
+        final SystemPrivilegesPermissionTest undecoratedTest
+            = new SystemPrivilegesPermissionTest(method);
+
+        // install a security manager using this test's policy file
+        return new SecurityManagerSetup(undecoratedTest, POLICY_FILE_NAME);
+    }
+    
+
+    /**
+     * Create a test with the given name.
+     *
+     * @param name name of the test
+     */
+    public SystemPrivilegesPermissionTest(String name) {
+        super(name);
+    }
+
+    /**
+     * Return a suite with all tests in this class (default suite)
+     *
+     * @throws Exception
+     */
+    public static Test suite() {
+        //final TestSuite ts
+        //    = new TestSuite("SystemPrivilegesPermissionTest suite");
+        //ts.addTest(decorateTest("testSystemPrivileges"));
+        //return ts;
+        return decorateTest("testSystemPrivileges");
+    }
+
+    /**
+     * Test case that does a check of the XXX
+     */
+    public void testSystemPrivileges() throws IOException {
+        //System.out.println("--> testSystemPrivileges()");
+        //System.out.println("    java.security.policy = "
+        //                   + System.getProperty("java.security.policy"));
+        //System.out.println("    System.getSecurityManager() = "
+        //                   + System.getSecurityManager());
+        assertSecurityManager();
+        execute();
+        //System.out.println("<-- testSystemPrivileges()");
+    }
+
+    /**
+     * Tests SystemPermissions.
+     */
+    public void execute() throws IOException {
+        checkSystemPermission();
+        checkDatabasePermission();
+    }
+    
+    /**
+     * Tests SystemPermission.
+     */
+    private void checkSystemPermission() throws IOException {
+        final DatabasePrincipal authorizedUser
+            = new DatabasePrincipal("authorizedSystemUser");
+        final DatabasePrincipal unAuthorizedUser
+            = new DatabasePrincipal("unAuthorizedSystemUser");
+
+        // test SystemPermission with null name argument
+        try {
+            new SystemPermission(null);
+            fail("expected NullPointerException");
+        } catch (NullPointerException ex) {
+            // expected exception
+        }
+
+        // test SystemPermission with empty name argument
+        try {
+            new SystemPermission("");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+        
+        // test SystemPermission with illegal name argument
+        try {
+            new SystemPermission("illegal_name");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+
+        // test SystemPermission with legal name argument
+        final Permission sp0 = new SystemPermission(SystemPermission.SHUTDOWN);
+        final Permission sp1 = new SystemPermission(SystemPermission.SHUTDOWN);
+
+        // test SystemPermission.getName()
+        assertEquals(sp0.getName(), SystemPermission.SHUTDOWN);
+
+        // test SystemPermission.getActions()
+        assertEquals(sp0.getActions(), "");
+
+        // test SystemPermission.hashCode()
+        assertTrue(sp0.hashCode() == sp1.hashCode());
+
+        // test SystemPermission.equals()
+        assertTrue(sp0.equals(sp1));
+        assertTrue(!sp0.equals(null));
+        assertTrue(!sp0.equals(new Object()));
+
+        // test SystemPermission.implies()
+        assertTrue(sp0.implies(sp1));
+        assertTrue(sp1.implies(sp0));
+
+        // test SystemPermission for authorized user against policy file
+        execute(authorizedUser, new ShutdownEngineAction(sp0), true);
+        
+        // test SystemPermission for unauthorized user against policy file
+        execute(unAuthorizedUser, new ShutdownEngineAction(sp0), false);
+    }
+    
+    /**
+     * Tests DatabasePermission.
+     */
+    private void checkDatabasePermission() throws IOException {
+        final DatabasePrincipal authorizedUser
+            = new DatabasePrincipal("authorizedSystemUser");
+        final DatabasePrincipal unAuthorizedUser
+            = new DatabasePrincipal("unAuthorizedSystemUser");
+
+        // test DatabasePermission with null url
+        try {
+            new DatabasePermission(null, DatabasePermission.CREATE);
+            fail("expected NullPointerException");
+        } catch (NullPointerException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission with empty url
+        try {
+            new DatabasePermission("", DatabasePermission.CREATE);
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+        
+        // test DatabasePermission with illegal url
+        try {
+            new DatabasePermission("no_url", DatabasePermission.CREATE);
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission with non-canonicalizable URL
+        try {
+            new DatabasePermission("directory:.*/\\:///../",
+                                   DatabasePermission.CREATE);
+            fail("expected IOException");
+        } catch (IOException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission with null actions
+        try {
+            new DatabasePermission("directory:dir", null);
+            fail("expected NullPointerException");
+        } catch (NullPointerException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission with empty actions
+        try {
+            new DatabasePermission("directory:dir", "");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+        
+        // test DatabasePermission with illegal action list
+        try {
+            new DatabasePermission("directory:dir", "illegal_action");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission with illegal action list
+        try {
+            new DatabasePermission("directory:dir", "illegal,action");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+    
+        // test DatabasePermission on illegal action list
+        try {
+            new DatabasePermission("directory:dir", "illegal;action");
+            fail("expected IllegalArgumentException");
+        } catch (IllegalArgumentException ex) {
+            // expected exception
+        }
+
+        // test DatabasePermission on relative directory paths
+        final DatabasePermission[] relDirPathPermissions
+            = new DatabasePermission[relDirPaths.length];
+        for (int i = 0; i < relDirPaths.length; i++) {
+            relDirPathPermissions[i]
+                = new DatabasePermission(relDirPaths[i],
+                                         DatabasePermission.CREATE);
+        }
+        checkNameAndActions(relDirPathPermissions,
+                            relDirPaths);
+        checkHashCodeAndEquals(relDirPathPermissions,
+                               relDirPathPermissions);
+        checkImplies(relDirPathPermissions,
+                     relDirPathPermissions);
+
+        // test DatabasePermission on relative directory path aliases
+        final DatabasePermission[] relDirPathAliasPermissions
+            = new DatabasePermission[relDirPathAliases.length];
+        for (int i = 0; i < relDirPathAliases.length; i++) {
+            relDirPathAliasPermissions[i]
+                = new DatabasePermission(relDirPathAliases[i],
+                                         DatabasePermission.CREATE);
+        }
+        checkNameAndActions(relDirPathAliasPermissions,
+                            relDirPathAliases);
+        checkHashCodeAndEquals(relDirPathPermissions,
+                               relDirPathAliasPermissions);
+        checkImplies(relDirPathPermissions,
+                     relDirPathAliasPermissions);
+
+        // test DatabasePermission on absolute directory paths
+        final DatabasePermission[] absDirPathPermissions
+            = new DatabasePermission[absDirPaths.length];
+        for (int i = 0; i < absDirPaths.length; i++) {
+            absDirPathPermissions[i]
+                = new DatabasePermission(absDirPaths[i],
+                                         DatabasePermission.CREATE);
+        }
+        checkNameAndActions(absDirPathPermissions,
+                            absDirPaths);
+        checkHashCodeAndEquals(absDirPathPermissions,
+                               absDirPathPermissions);
+        checkImplies(absDirPathPermissions,
+                     absDirPathPermissions);
+
+        // test DatabasePermission on absolute directory path aliases
+        final DatabasePermission[] absDirPathAliasPermissions
+            = new DatabasePermission[absDirPathAliases.length];
+        for (int i = 0; i < absDirPathAliases.length; i++) {
+            absDirPathAliasPermissions[i]
+                = new DatabasePermission(absDirPathAliases[i],
+                                         DatabasePermission.CREATE);
+        }
+        checkNameAndActions(absDirPathAliasPermissions,
+                            absDirPathAliases);
+        checkHashCodeAndEquals(absDirPathPermissions,
+                               absDirPathAliasPermissions);
+        checkImplies(absDirPathPermissions,
+                     absDirPathAliasPermissions);
+        
+
+        // test DatabasePermission for authorized user against policy file
+        execute(authorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[2]), true);
+        execute(authorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[3]), true);
+        execute(authorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[6]), false);
+        execute(authorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[7]), true);
+
+        // test DatabasePermission for unauthorized user against policy file
+        execute(unAuthorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[2]), false);
+        execute(unAuthorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[3]), false);
+        execute(unAuthorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[6]), false);
+        execute(unAuthorizedUser,
+                new CreateDatabaseAction(relDirPathPermissions[7]), false);
+    }
+
+    /**
+     * Runs a privileges user action for a given principal.
+     */
+    private void execute(DatabasePrincipal principal,
+                         PrivilegedExceptionAction action,
+                         boolean isGrantExpected) {
+        //System.out.println();
+        //System.out.println("    testing action " + action);
+        final RunAsPrivilegedUserAction runAsPrivilegedUserAction
+            = new RunAsPrivilegedUserAction(principal, action);
+        try {
+            AccessController.doPrivileged(runAsPrivilegedUserAction);
+            //System.out.println("    Congrats! access granted " + action);
+            if (!isGrantExpected) {
+                fail("expected AccessControlException");
+            }
+        } catch (PrivilegedActionException pae) {
+            //System.out.println("    Error: " + pae.getMessage());
+            throw new RuntimeException(pae);
+        } catch (AccessControlException ace) {
+            if (isGrantExpected) {
+                fail("caught AccessControlException");
+            }
+            //System.out.println("    Yikes! " + ace.getMessage());
+        }
+    }
+    
+    /**
+     * Tests DatabasePermission.getName() and .getActions().
+     */
+    private void checkNameAndActions(DatabasePermission[] dbperm,
+                                     String[] dbpath)
+        throws IOException {
+        //assert(dpperm.length == dbpath.length)
+        for (int i = 0; i < dbperm.length; i++) {
+            final DatabasePermission dbp = dbperm[i];
+            assertEquals("test: " + dbp + ".getName()",
+                         dbpath[i], dbp.getName());
+            assertEquals("test: " + dbp + ".getActions()",
+                         DatabasePermission.CREATE, dbp.getActions());
+        }
+    }
+
+    /**
+     * Tests DatabasePermission.hashCode() and .equals().
+     */
+    private void checkHashCodeAndEquals(DatabasePermission[] dbp0,
+                                        DatabasePermission[] dbp1)
+        throws IOException {
+        //assert(dbp0.length == dbp1.length)
+        for (int i = 0; i < dbp0.length; i++) {
+            final DatabasePermission p0 = dbp0[i];
+            for (int j = 0; j < dbp0.length; j++) {
+                final DatabasePermission p1 = dbp1[j];
+                if (i == j) {
+                    assertTrue(p0.hashCode() == p1.hashCode());
+                    assertTrue(p0.equals(p1));
+                } else {
+                    assertTrue(p0.hashCode() != p1.hashCode());
+                    assertTrue(!p0.equals(p1));
+                }
+            }
+        }
+    }
+    
+    /**
+     * Tests DatabasePermission.implies().
+     */
+    private void checkImplies(DatabasePermission[] dbp0,
+                              DatabasePermission[] dbp1)
+        throws IOException {
+        //assert(dbp0.length == dbp1.length)
+        for (int i = 0; i < dbp0.length; i++) {
+            final DatabasePermission p0 = dbp0[i];
+            for (int j = 0; j < dbp0.length; j++) {
+                final DatabasePermission p1 = dbp1[j];
+                assertEquals("test: " + p0 + ".implies" + p1,
+                             dirPathImplications[i][j], p0.implies(p1));
+                assertEquals("test: " + p1 + ".implies" + p0,
+                             dirPathImplications[j][i], p1.implies(p0));
+            }
+        }
+    }
+    
+    /**
+     * Represents a Shutdown Engine action.
+     */
+    public class ShutdownEngineAction
+        implements PrivilegedExceptionAction {
+        protected final Permission permission;
+
+        public ShutdownEngineAction(Permission permission) {
+            this.permission = permission;
+        }
+    
+        public Object run() throws Exception {
+            //System.out.println("    checking access " + permission + "...");
+            AccessController.checkPermission(permission);
+            //System.out.println("    granted access " + this);
+            return null;
+        }
+
+        public String toString() {
+            return permission.toString();
+        }
+    }
+
+    /**
+     * Represents a Create Database action.
+     */
+    public class CreateDatabaseAction
+        implements PrivilegedExceptionAction {
+        protected final Permission permission;
+
+        public CreateDatabaseAction(Permission permission) throws IOException {
+            this.permission = permission;
+        }
+    
+        public Object run() throws Exception {
+            //System.out.println("    checking access " + permission + "...");
+            AccessController.checkPermission(permission);
+            //System.out.println("    granted access " + this);
+            return null;
+        }
+
+        public String toString() {
+            return permission.toString();
+        }
+    }
+
+    /**
+     * Represents a Privileged User action.
+     */
+    public class RunAsPrivilegedUserAction
+        implements PrivilegedExceptionAction {
+        final private DatabasePrincipal principal;
+        final private PrivilegedExceptionAction action;
+
+        public RunAsPrivilegedUserAction(DatabasePrincipal principal,
+                                         PrivilegedExceptionAction action) {
+            this.principal = principal;
+            this.action = action;
+        }
+        
+        public Object run() throws PrivilegedActionException {
+            final Set principalSet = new HashSet();
+            final Set noPublicCredentials = new HashSet();
+            final Set noPrivateCredentials = new HashSet();
+            principalSet.add(principal);
+            final Subject subject = new Subject(true, principalSet,
+                                                noPublicCredentials,
+                                                noPrivateCredentials);
+        
+            // Subject.doAs(subject, action) not strong enough
+            //System.out.println("    run doAsPrivileged() as " + principal
+            //                   + "...");
+            Subject.doAsPrivileged(subject, action, null);
+            return null;
+        }
+    }
+}

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy?view=auto&rev=544870
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy Wed Jun  6 08:42:53 2007
@@ -0,0 +1,111 @@
+// Policy file with minimal set of permissions to run unit test for
+// Derby System Privileges (DERBY-2109).
+//
+// The test harness sets up four variables used by this policy file
+//
+// derbyTesting.codejar - URL to the jar files when they are in the classpath
+// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
+//
+// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
+// other will be set to a bogus URL like file://unused
+//
+// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
+// Only required due to a BUG (see below for more info).
+//
+// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation
+//     for XML-based tests (ex. lang/XMLBindingTest.java).
+//
+// derbyTesting.serverhost - Host name or ip where network server is started 
+// derbyTesting.clienthost - specifies the clients ip address/hostName. 
+//     when testing with networkserver on a remote host, this needs to be passed in 
+//     with the NetworkServerControl start command
+
+
+// PROVISIONAL: Universally granted permissions for testing System Privileges
+// When consolidated, these permissions should be moved/copied into the
+//   ${derbyTesting.codejar}
+//   ${derbyTesting.codeclasses}
+//   ${derbyTesting.junit}
+// sections
+grant {
+  // System Privileges need to run "doAsPrivileged".
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges need to be allowed to resolve relative directory names,
+  // which requires a property-read permission.
+  //permission java.util.PropertyPermission "*", "read,write";
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // System Privileges need to be allowed to canonicalize directory names,
+  // which requires file-read permission.
+  // Because this unit test involves some relative and absolute sample paths,
+  // we liberally grant read access to all files.
+  //permission java.io.FilePermission "${user.dir}${/}-", "read"; 
+  //permission java.io.FilePermission "${/}-", "read";
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+// specific test authorizations for System Privileges
+grant principal org.apache.derby.authentication.DatabasePrincipal "authorizedSystemUser" {
+  permission org.apache.derby.security.SystemPermission "shutdownEngine";
+  permission org.apache.derby.security.DatabasePermission "directory:*", "create";
+  permission org.apache.derby.security.DatabasePermission "directory:level0/level1/-", "create";
+  permission org.apache.derby.security.DatabasePermission "directory:/*", "create";
+  permission org.apache.derby.security.DatabasePermission "directory:/level0/level1/-", "create";
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+// We are liberal here, it's not a goal to make the test harness
+// or tests secure.
+//
+grant codeBase "${derbyTesting.codejar}" {
+  // Support for debugging test.
+  permission java.util.PropertyPermission "java.security.policy", "read";
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.lang.RuntimePermission "setIO"; 
+};
+
+//
+// super-set of the jar permissions for running out of the classes directory
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+  // Support for debugging test.
+  permission java.util.PropertyPermission "java.security.policy", "read";
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.lang.RuntimePermission "setIO"; 
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+    permission java.util.PropertyPermission "user.home", "read";
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+    permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+};
+
+// Due to a problem running tests/derbynet/CompatibilityTest in the old test
+// harness, permission to read junit.properties is granted to all. This can be 
+// removed when CompatibilityTest is rewritten to conform to our current Junit
+// usage. See DERBY-2076.
+grant {
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+    permission java.lang.RuntimePermission "setIO";
+};

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java?view=diff&rev=544870&r1=544869&r2=544870
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java Wed Jun  6 08:42:53 2007
@@ -47,6 +47,7 @@
         TestSuite suite = new TestSuite("JUnit unit tests");
 
         suite.addTest(FormatableBitSetTest.suite());
+        //suite.addTest(SystemPrivilegesPermissionTest.suite());
 
         return suite;
     }



Mime
View raw message