db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kmars...@apache.org
Subject svn commit: r551252 - in /db/derby/code/branches/10.2: java/engine/org/apache/derby/iapi/services/io/ java/engine/org/apache/derby/iapi/store/access/ java/engine/org/apache/derby/impl/services/reflect/ java/engine/org/apache/derby/impl/sql/execute/ jav...
Date Wed, 27 Jun 2007 18:07:55 GMT
Author: kmarsden
Date: Wed Jun 27 11:07:53 2007
New Revision: 551252

URL: http://svn.apache.org/viewvc?view=rev&rev=551252
Log:
DERBY-537 SQLJ.INSTALL_JAR and SQLJ.UPDATE_JAR fail when running with a SecurityManager enabled.

Backport to 10.2



Removed:
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFileJava2.java
Modified:
    db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/store/access/FileResource.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFile.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/AddJarConstantAction.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/DropJarConstantAction.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarDDL.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/ReplaceJarConstantAction.java
    db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java
    db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/tools/dblook_test_app.properties
    db/derby/code/branches/10.2/tools/jar/extraDBMSclasses.properties

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/services/io/FileUtil.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/services/io/FileUtil.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/services/io/FileUtil.java Wed Jun 27 11:07:53 2007
@@ -26,7 +26,6 @@
 import org.apache.derby.io.StorageFile;
 
 import java.io.*;
-import java.net.*;
 
 /**
 	A set of public static methods for dealing with File objects.
@@ -554,40 +553,5 @@
 			return new File(name);
 		else
 			return new File(parent, name);
-	}
-
-	/**
-	 * Open an input stream to read a file or a URL
-	 * @param fileOrURL	The file or URL to open.
-	 * @param bufferSize 0 => no buffering.
-	 * @return	an InputStream
-	 * @exception StandardException	Thrown on failure
-	 */
-	public static InputStream getInputStream(String fileOrURL,int bufferSize)
-		 throws IOException
-	{
-		InputStream is;
-		try {
-			is = new FileInputStream( fileOrURL );
-		}
-
-		catch (FileNotFoundException fnfe){
-			try {
-				is = new URL( fileOrURL ).openStream();
-			} catch (MalformedURLException mfurle) {
-
-				// if it looks like an url throw this exception
-				// otherwise throw the file not found exception
-				// If there is no : or an early colon then it's
-				// probably a file (e.g. /foo/myjar.jar or a:/foo/myjar.jar)
-				if (fileOrURL.indexOf(':') > 2)
-					throw mfurle;
-				throw fnfe;
-			}
-		}
-		if (bufferSize > 0)
-			is = new BufferedInputStream(is,bufferSize);
-
-		return is;
 	}
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/store/access/FileResource.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/store/access/FileResource.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/store/access/FileResource.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/iapi/store/access/FileResource.java Wed Jun 27 11:07:53 2007
@@ -22,7 +22,6 @@
 package org.apache.derby.iapi.store.access;
 
 import org.apache.derby.iapi.error.StandardException;
-import org.apache.derby.iapi.store.access.DatabaseInstant;
 import org.apache.derby.io.StorageFile;
 
 import java.io.FileNotFoundException;
@@ -84,13 +83,10 @@
 	  the database.
 
 	  @param name the name of the fileResource to remove.
-	  @param purgeOnCommit true means purge the fileResource 
-	         when the current transaction commits. false means retain
-	         the file resource for use by replication. 
 	  
 	  @exception StandardException some error occured.
 	  */
-	public void remove(String name, long currentGenerationId, boolean purgeOnCommit)
+	public void remove(String name, long currentGenerationId)
 		throws StandardException;
 
 	/**
@@ -101,14 +97,11 @@
 	  @param name the name of the file resource.
 	  @param source an input stream for reading the content of
 	  the file resource.
-	  @param purgeOnCommit true means purge the existing version of
-	         fileResource when the current transaction commits. false 
-	         means retain the existing version for use by replication. 
 	  @return the generationId for the new 'current' version of the
 	          file resource. 
 	  @exception StandardException some error occured.
 	*/
-	public long replace(String name, long currentGenerationId, InputStream source,boolean purgeOnCommit)
+	public long replace(String name, long currentGenerationId, InputStream source)
 		throws StandardException;
 
 	/**

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFile.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFile.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarFile.java Wed Jun 27 11:07:53 2007
@@ -32,23 +32,22 @@
 import org.apache.derby.iapi.util.IdUtil;
 import org.apache.derby.iapi.services.io.InputStreamUtil;
 
-class JarFile {
+/**
+ * Represents a jar file for class loading,
+ * previously installed by the sqlj.install_jar or replace_jar procedures.
+ * <br>
+ * The source for the Jar is either a File (database from a file system)
+ * or an InputStream (database is in a jar file itself).
+ */
+abstract class JarFile {
 	final String[] name;
 	protected ZipFile zip;
 	boolean isStream;
 
-	JarFile() {
-		name = null;
-	}
-
 	JarFile(String[] name) {
 		this.name = name;
 	}
 
-	JarFile newJarFile(String[] name) {
-		return new JarFile(name);
-	}
-
 	final String getJarName() {
 		return IdUtil.mkQualifiedName(name);
 	}
@@ -112,7 +111,5 @@
 		return data;
 	}
 
-	Object[] getSigners(String className, ZipEntry ze) throws IOException {
-		return null;
-	}
+	abstract Object[] getSigners(String className, ZipEntry ze) throws IOException;
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java Wed Jun 27 11:07:53 2007
@@ -21,19 +21,24 @@
 
 package org.apache.derby.impl.services.reflect;
 
-import org.apache.derby.impl.sql.execute.JarUtil;
 import org.apache.derby.iapi.services.stream.HeaderPrintWriter;
 import org.apache.derby.iapi.error.StandardException;
 
+import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.InputStream;
 import java.io.IOException;
 
-import java.util.zip.ZipFile;
-import java.util.zip.ZipInputStream;
-import java.util.zip.ZipEntry;
-
+import java.security.CodeSource;
+import java.security.GeneralSecurityException;
+import java.security.SecureClassLoader;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import java.util.jar.JarInputStream;
 
+import org.apache.derby.iapi.services.io.InputStreamUtil;
 import org.apache.derby.iapi.services.io.LimitInputStream;
 import org.apache.derby.iapi.util.IdUtil;
 
@@ -41,24 +46,35 @@
 import org.apache.derby.iapi.services.i18n.MessageService;
 
 
-public class JarLoader extends ClassLoader {
-
-	private static final JarFile jarFileFactory;
-
-	static {
-
-		// 
-		jarFileFactory = new JarFileJava2();
-	}
+class JarLoader extends SecureClassLoader {
+    
+    /**
+     * Two part name for the jar file.
+     */
+    private final String[] name;
+    
+    /**
+     * When the jar file can be manipulated as a java.util.JarFile
+     * this holds the reference to the open jar. When the jar can
+     * only be manipulated as an InputStream (because the jar is itself
+     * in a database jar) then this will be null.
+     */
+    private JarFile jar;
+    
+    /**
+     * True if the jar can only be accessed using a stream, because
+     * the jar is itself in a database jar. When fals the jar is accessed
+     * using the jar field.
+     */
+    private boolean isStream;
 
 	private UpdateLoader updateLoader;
-	private JarFile jf;
 	private HeaderPrintWriter vs;
 
 	JarLoader(UpdateLoader updateLoader, String[] name, HeaderPrintWriter vs) {
 
 		this.updateLoader = updateLoader;
-		this.jf = jarFileFactory.newJarFile(name);
+        this.name = name;
 		this.vs = vs;
 	}
 
@@ -71,12 +87,16 @@
 		try {
 
 			if (zipData instanceof File) {
-				jf.initialize((File) zipData);
+                jar = new JarFile((File) zipData);
 				return;
 			}
 
+            // Jar is only accessible as an INputStream,
+            // which means we need to re-open the stream for
+            // each access. Thus we close the stream now as we have
+            // no further use for it.
 			if (zipData instanceof InputStream) {
-				jf.isStream = true;
+				isStream = true;
 				try {
 					((InputStream) zipData).close();
 				} catch (IOException ioe) {
@@ -89,7 +109,7 @@
 		}
 
 		// No such zip.
-		setInvalid(false);	
+		setInvalid();	
 	}
 
 	/**
@@ -126,12 +146,13 @@
 		return updateLoader.getResourceAsStream(name);
 	}
 
-	/*
-	** Package level api
-	*/
-	final String getJarName() {
-		return jf.getJarName();
-	}
+    /**
+     * Return the SQL name for the installed jar.
+     * Used for error and informational messages.
+     */
+    final String getJarName() {
+        return IdUtil.mkQualifiedName(name);
+    }
 
 	Class loadClassData(String className, String jvmClassName, boolean resolve) {
 
@@ -139,10 +160,10 @@
 			return null;
 
 		try {
-			if (jf.isZip())
+			if (jar != null)
 				return loadClassDataFromJar(className, jvmClassName, resolve);
 
-			if (jf.isStream) {
+			if (isStream) {
 				// have to use a new stream each time
 				return loadClassData((InputStream) load(),
 						className, jvmClassName, resolve);
@@ -163,11 +184,11 @@
 
 		if (updateLoader == null)
 			return null;
+     
+		if (jar != null)
+			return getRawStream(name);
 
-		if (jf.isZip())
-			return getRawStream(jf.getZip(), name);
-
-		if (jf.isStream) {
+		if (isStream) {
 			return getRawStream((InputStream) load(), name);
 		}
 		return null;
@@ -179,58 +200,73 @@
 	*/
 
 
-	private Class loadClassDataFromJar(String className, String jvmClassName, boolean resolve) 
+    /**
+     * Load the class data when the installed jar is accessible
+     * as a java.util.jarFile.
+     */
+	private Class loadClassDataFromJar(
+            String className, String jvmClassName, boolean resolve) 
 		throws IOException {
 
-		ZipEntry ze = jf.getEntry(jvmClassName);
-		if (ze == null)
+		JarEntry e = jar.getJarEntry(jvmClassName);
+		if (e == null)
 			return null;
 
-		InputStream in = jf.getZip().getInputStream(ze);
+		InputStream in = jar.getInputStream(e);
 
 		try {
-			return loadClassData(ze, in, className, resolve);
+			return loadClassData(e, in, className, resolve);
 		} finally {
 			in.close();
 		}
 	}
 
+    /**
+     * Load the class data when the installed jar is accessible
+     * only as an input stream (the jar is itself in a database jar).
+     */
 	private Class loadClassData(
 		InputStream in, String className, String jvmClassName, boolean resolve) 
 		throws IOException {
 
-		ZipInputStream zipIn = jf.getZipOnStream(in);
+        JarInputStream jarIn = new JarInputStream(in);
 
 		for (;;) {
 
-			ZipEntry ze = jf.getNextEntry(zipIn);
-			if (ze == null) {
-				zipIn.close();
+			JarEntry e = jarIn.getNextJarEntry();
+			if (e == null) {
+				jarIn.close();
 				return null;
 			}
 
-			if (ze.getName().equals(jvmClassName)) {
-				Class c = loadClassData(ze, zipIn, className, resolve);
-				zipIn.close();
+			if (e.getName().equals(jvmClassName)) {
+				Class c = loadClassData(e, jarIn, className, resolve);
+				jarIn.close();
 				return c;
 			}
 		}
 		
 	}
 
-	private Class loadClassData(ZipEntry ze, InputStream in,
+    /**
+     * Load and optionally resolve the class given its
+     * JarEntry and an InputStream to the class fiel format.
+     * This is common code for when the jar is accessed
+     * directly using JarFile or through InputStream.
+     */
+	private Class loadClassData(JarEntry e, InputStream in,
 		String className, boolean resolve) throws IOException {
 
-		byte[] data = jf.readData(ze, in, className);
+		byte[] data = readData(e, in, className);
 
-		Object[] signers = jf.getSigners(className, ze);
+		Certificate[] signers = getSigners(className, e);
 
 		synchronized (updateLoader) {
 			// see if someone else loaded it while we
 			// were getting the bytes ...
 			Class c = updateLoader.checkLoaded(className, resolve);
 			if (c == null) {
-				c = defineClass(className, data, 0, data.length);
+				c = defineClass(className, data, 0, data.length, (CodeSource) null);
 				if (signers != null) {
 					setSigners(c, signers);
 				}
@@ -254,7 +290,7 @@
 
 	private Object load() {
 
-		String[] dbJarName = jf.name;
+		String[] dbJarName = name;
 
 		String schemaName = dbJarName[IdUtil.DBCP_SCHEMA_NAME];
 		String sqlName = dbJarName[IdUtil.DBCP_SQL_JAR_NAME];
@@ -264,17 +300,28 @@
 			return updateLoader.getJarReader().readJarFile(schemaName, sqlName);
 		} catch (StandardException se) {
 			if (vs != null)
-				vs.println(MessageService.getTextMessage(MessageId.CM_LOAD_JAR_EXCEPTION, jf.getJarName(), se));
+				vs.println(MessageService.getTextMessage(MessageId.CM_LOAD_JAR_EXCEPTION, getJarName(), se));
 			return null;
 		}
 
 	}
 
-	JarFile setInvalid(boolean newJarFile) {
-
-		jf.setInvalid();
+    /**
+     * Set this loader to be invaid so that it will not
+     * resolve any classes or resources.
+     *
+     */
+	void setInvalid() {
 		updateLoader = null;
-		return newJarFile ? jarFileFactory.newJarFile(jf.name) : null;
+        if (jar != null) {
+            try {
+                jar.close();
+            } catch (IOException ioe) {
+            }
+            jar = null;
+
+        }
+        isStream = false;
 	}
 
 	/*
@@ -282,19 +329,19 @@
 	*/
 
 	/**
-		Get a stream directly from a ZipFile.
+		Get a stream for a resource directly from a JarFile.
 		In this case we can safely return the stream directly.
 		It's a new stream set up by the zip code to read just
 		the contents of this entry.
 	*/
-	private InputStream getRawStream(ZipFile zip, String name) {
+	private InputStream getRawStream(String name) {
 
 		try {
-			ZipEntry ze = zip.getEntry(name);
-			if (ze == null)
+			JarEntry e = jar.getJarEntry(name);
+			if (e == null)
 				return null;
 
-			return zip.getInputStream(ze);
+			return jar.getInputStream(e);
 		} catch (IOException ioe) {
 			return null;
 		}
@@ -308,30 +355,113 @@
 	*/
 	private InputStream getRawStream(InputStream in, String name) { 
 
-		ZipInputStream zipIn = null;
+		JarInputStream jarIn = null;
 		try {
-			zipIn = new ZipInputStream(in);
+			jarIn = new JarInputStream(in);
 
-			ZipEntry ze;
-			while ((ze = jf.getNextEntry(zipIn)) != null) {
+		    JarEntry e;
+			while ((e = jarIn.getNextJarEntry()) != null) {
 
-				if (ze.getName().equals(name)) {
-					LimitInputStream lis = new LimitInputStream(zipIn);
-					lis.setLimit((int) ze.getSize());
+				if (e.getName().equals(name)) {
+					LimitInputStream lis = new LimitInputStream(jarIn);
+					lis.setLimit((int) e.getSize());
 					return lis;
 				}
 			}
 
-			zipIn.close();
+			jarIn.close();
 
 		} catch (IOException ioe) {
-			if (zipIn != null) {
+			if (jarIn != null) {
 				try {
-					zipIn.close();
+					jarIn.close();
 				} catch (IOException ioe2) {
 				}
 			}
 		}
 		return null;
 	}
+    
+    /**
+     * Read the raw data for the class file format
+     * into a byte array that can be used for loading the class.
+     * If this is a signed class and it has been compromised then
+     * a SecurityException will be thrown.
+     */
+    byte[] readData(JarEntry ze, InputStream in, String className)
+            throws IOException {
+
+        try {
+            int size = (int) ze.getSize();
+
+            if (size != -1) {
+                byte[] data = new byte[size];
+
+                InputStreamUtil.readFully(in, data, 0, size);
+
+                return data;
+            }
+
+            // unknown size
+            byte[] data = new byte[1024];
+            ByteArrayOutputStream os = new ByteArrayOutputStream(1024);
+            int r;
+            while ((r = in.read(data)) != -1) {
+                os.write(data, 0, r);
+            }
+
+            data = os.toByteArray();
+            return data;
+        } catch (SecurityException se) {
+            throw handleException(se, className);
+        }
+    }
+
+    /**
+     * Validate the security certificates (signers) for the class data.
+     */
+    private Certificate[] getSigners(String className, JarEntry je) throws IOException {
+
+        try {
+            Certificate[] list = je.getCertificates();
+            if ((list == null) || (list.length == 0)) {
+                return null;
+            }
+
+            for (int i = 0; i < list.length; i++) {
+                if (!(list[i] instanceof X509Certificate)) {
+                    String msg = MessageService.getTextMessage(
+                            MessageId.CM_UNKNOWN_CERTIFICATE, className,
+                            getJarName());
+
+                    throw new SecurityException(msg);
+                }
+
+                X509Certificate cert = (X509Certificate) list[i];
+
+                cert.checkValidity();
+            }
+
+            return list;
+
+        } catch (GeneralSecurityException gse) {
+            // convert this into an unchecked security
+            // exception. Unchecked as eventually it has
+            // to pass through a method that's only throwing
+            // ClassNotFoundException
+            throw handleException(gse, className);
+        }
+        
+    }
+
+    /**
+     * Provide a SecurityManager with information about the class name
+     * and the jar file.
+     */
+    private SecurityException handleException(Exception e, String className) {
+        String msg = MessageService.getTextMessage(
+                MessageId.CM_SECURITY_EXCEPTION, className, getJarName(), e
+                        .getLocalizedMessage());
+        return new SecurityException(msg);
+    }
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java Wed Jun 27 11:07:53 2007
@@ -46,6 +46,22 @@
 import org.apache.derby.iapi.services.i18n.MessageService;
 
 public class UpdateLoader {
+    
+    /**
+     * List of packages that Derby will not support being loaded
+     * from an installed jar file.
+     */
+    private static final String[] RESTRICTED_PACKAGES = {
+        // While loading java. classes is blocked by the standard
+        // class loading mechanism, javax. ones are not. However
+        // allowing database applications to override jvm classes
+        // seems a bad idea.
+        "javax.",
+        
+        // Allowing an application to possible override the engine's
+        // own classes also seems dangerous.
+        "org.apache.derby.",
+    };
 
 	private JarLoader[] jarList;
 	private HeaderPrintWriter vs;
@@ -122,6 +138,13 @@
 				Class clazz = checkLoaded(className, resolve);
 				if (clazz != null)
 					return clazz;
+                
+                // Refuse to load classes from restricted name spaces
+                for (int i = 0; i < RESTRICTED_PACKAGES.length; i++)
+                {
+                    if (className.startsWith(RESTRICTED_PACKAGES[i]))
+                        throw new ClassNotFoundException(className);
+                }
 
 				String jvmClassName = className.replace('.', '/').concat(".class");
 
@@ -222,24 +245,12 @@
 
 		if (!initDone)
 			return;
+        
+        // first close the existing jar file opens
+        close();
 
 		if (reload) {
-			//first close the existing jar file opens
-			close();
 			initializeFromClassPath(thisClasspath);
-			return;
-		}
-
-		// first thing to do is to remove all Class entries
-		// and then get a complete set of loaders ...
-		synchronized (this) {
-
-			for (int i = 0; i < jarList.length; i++) {
-
-				JarLoader jl = jarList[i];
-
-				JarFile newJarFile = jl.setInvalid(reload);
-			}
 		}
 	}
 
@@ -281,7 +292,7 @@
 	public void close() {
 
 		for (int i = 0; i < jarList.length; i++) {
-			jarList[i].setInvalid(false);
+			jarList[i].setInvalid();
 		}
 
 	}

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/AddJarConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/AddJarConstantAction.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/AddJarConstantAction.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/AddJarConstantAction.java Wed Jun 27 11:07:53 2007
@@ -33,8 +33,6 @@
  */
 class AddJarConstantAction extends DDLConstantAction
 {
-
-	private final UUID id;
 	private	final String schemaName;
 	private	final String sqlName;
 	private final String externalPath;
@@ -53,12 +51,11 @@
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 *  @param  externalPath            The name of the file that holds the jar.
 	 */
-	AddJarConstantAction(UUID id,
+	AddJarConstantAction(
 								 String schemaName,
 								 String sqlName,
 								 String externalPath)
 	{
-		this.id = id;
 		this.schemaName = schemaName;
 		this.sqlName = sqlName;
 		this.externalPath = externalPath;
@@ -92,7 +89,7 @@
 	public void	executeConstantAction( Activation activation )
 						throws StandardException
 	{
-		JarUtil.add(id,schemaName,sqlName,externalPath);
+		JarUtil.add(schemaName,sqlName,externalPath);
 	}
 
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/DropJarConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/DropJarConstantAction.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/DropJarConstantAction.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/DropJarConstantAction.java Wed Jun 27 11:07:53 2007
@@ -35,8 +35,6 @@
  */
 class DropJarConstantAction extends DDLConstantAction
 {
-
-	private final UUID id;
 	private final String schemaName;
 	private final String sqlName;
 
@@ -49,15 +47,12 @@
 	/**
 	 *	Make the ConstantAction to drop a jar file to database.
 	 *
-	 *	@param	id					The id for the jar file
 	 *	@param	schemaName			The SchemaName for the jar file.
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 */
-	DropJarConstantAction(UUID id,
-								  String schemaName,
+	DropJarConstantAction(String schemaName,
 								  String sqlName)
 	{
-		this.id = id;
 		this.schemaName = schemaName;
 		this.sqlName = sqlName;
 	}
@@ -90,13 +85,6 @@
 	public void	executeConstantAction( Activation activation )
 						throws StandardException
 	{
-		JarUtil.drop(null,schemaName,sqlName,
-					 purgeOnCommit());
+		JarUtil.drop(schemaName,sqlName);
 	}
-
-	//
-	// Replication can over-ride this to defer purging dropped jar
-	// files that remain in the stage.
-	protected boolean purgeOnCommit() { return true; }
-
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java Wed Jun 27 11:07:53 2007
@@ -815,57 +815,51 @@
 	/**
 	 * Make the ConstantAction to Add a jar file to a database.
 	 *
-	 *	@param	id					The id for the jar file -
-	 *                              (null means create one)
 	 *	@param	schemaName			The SchemaName for the jar file.
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 *  @param  externalPath            The name of the file that holds the jar.
 	 *  @exception StandardException Ooops
 	 */
-	public	ConstantAction getAddJarConstantAction(UUID id,
+	public	ConstantAction getAddJarConstantAction(
 														 String schemaName,
 														 String sqlName,
 														 String externalPath)
 		 throws StandardException
 	{
 		getAuthorizer().authorize(Authorizer.JAR_WRITE_OP);
-		return new AddJarConstantAction(id,schemaName,sqlName,externalPath);
+		return new AddJarConstantAction(schemaName,sqlName,externalPath);
 	}
 	/**
 	 * Make the ConstantAction to replace a jar file in a database.
 	 *
-	 *	@param	id					The id for the jar file -
-	 *                              (Ignored if null)
 	 *	@param	schemaName			The SchemaName for the jar file.
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 *  @param  externalPath            The name of the file that holds the new jar.
 	 *  @exception StandardException Ooops
 	 */
-	public	ConstantAction getReplaceJarConstantAction(UUID id,
+	public	ConstantAction getReplaceJarConstantAction(
 														 String schemaName,
 														 String sqlName,
 														 String externalPath)
 		 throws StandardException
 	{
 		getAuthorizer().authorize(Authorizer.JAR_WRITE_OP);
-		return new ReplaceJarConstantAction(id,schemaName,sqlName,externalPath);
+		return new ReplaceJarConstantAction(schemaName,sqlName,externalPath);
 	}
 	/**
 	 * Make the ConstantAction to drop a jar file from a database.
 	 *
-	 *	@param	id					The id for the jar file -
-	 *                              (Ignored if null)
 	 *	@param	schemaName			The SchemaName for the jar file.
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 *  @exception StandardException Ooops
 	 */
-	public	ConstantAction getDropJarConstantAction(UUID id,
+	public	ConstantAction getDropJarConstantAction(
 														  String schemaName,
 														  String sqlName)
 		 throws StandardException
 	{
 		getAuthorizer().authorize(Authorizer.JAR_WRITE_OP);
-		return new DropJarConstantAction(id,schemaName,sqlName);
+		return new DropJarConstantAction(schemaName,sqlName);
 	}
 
 	static protected Authorizer getAuthorizer()

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarDDL.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarDDL.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarDDL.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarDDL.java Wed Jun 27 11:07:53 2007
@@ -43,7 +43,7 @@
 
 		GenericConstantActionFactory caf = getConstantActionFactory();
 		ConstantAction ca =
-			caf.getAddJarConstantAction(null,schemaName,sqlName,externalPath);
+			caf.getAddJarConstantAction(schemaName,sqlName,externalPath);
 		ca.executeConstantAction(null);
 	}
 
@@ -61,7 +61,7 @@
 
 		GenericConstantActionFactory caf = getConstantActionFactory();
 		ConstantAction ca =
-			caf.getDropJarConstantAction(null,schemaName,sqlName);
+			caf.getDropJarConstantAction(schemaName,sqlName);
 		ca.executeConstantAction(null);
 	}
 
@@ -79,7 +79,7 @@
 
 		GenericConstantActionFactory caf = getConstantActionFactory();
 		ConstantAction ca =
-			caf.getReplaceJarConstantAction(null,schemaName,sqlName,externalPath);
+			caf.getReplaceJarConstantAction(schemaName,sqlName,externalPath);
 		ca.executeConstantAction(null);
 	}
 

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java Wed Jun 27 11:07:53 2007
@@ -39,24 +39,20 @@
 import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.iapi.store.access.FileResource;
 import org.apache.derby.catalog.UUID;
-import org.apache.derby.iapi.services.io.FileUtil;
-import org.apache.derby.io.StorageFile;
 
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.sql.CallableStatement;
-import java.sql.Connection;
-import java.sql.SQLException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
 
-public class JarUtil
+
+class JarUtil
 {
-	public static final String ADD_JAR_DDL = "ADD JAR";
-	public static final String DROP_JAR_DDL = "DROP JAR";
-	public static final String REPLACE_JAR_DDL = "REPLACE JAR";
-	public static final String READ_JAR = "READ JAR";
 	//
 	//State passed in by the caller
-	private UUID id; //For add null means create a new id.
 	private String schemaName;
 	private String sqlName;
 
@@ -68,10 +64,9 @@
 	
 	//
 	//State derived from the caller's context
-	public JarUtil(UUID id, String schemaName, String sqlName)
+	private JarUtil(String schemaName, String sqlName)
 		 throws StandardException
 	{
-		this.id = id;
 		this.schemaName = schemaName;
 		this.sqlName = sqlName;
 
@@ -93,15 +88,15 @@
 
 	  @exception StandardException Opps
 	  */
-	static public long
-	add(UUID id, String schemaName, String sqlName, String externalPath)
+	static long
+	add(String schemaName, String sqlName, String externalPath)
 		 throws StandardException
 	{
-		JarUtil jutil = new JarUtil(id, schemaName, sqlName);
+		JarUtil jutil = new JarUtil(schemaName, sqlName);
 		InputStream is = null;
 		
 		try {
-			is = FileUtil.getInputStream(externalPath, 0);
+			is = openJarURL(externalPath);
 			return jutil.add(is);
 		} catch (java.io.IOException fnfe) {
 			throw StandardException.newException(SQLState.SQLJ_INVALID_JAR, fnfe, externalPath);
@@ -121,7 +116,7 @@
 	  @param is A stream for reading the content of the file to add.
 	  @exception StandardException Opps
 	  */
-	public long add(InputStream is) throws StandardException
+	private long add(final InputStream is) throws StandardException
 	{
 		//
 		//Like create table we say we are writing before we read the dd
@@ -132,40 +127,46 @@
 				StandardException.newException(SQLState.LANG_OBJECT_ALREADY_EXISTS_IN_OBJECT, 
 											   fid.getDescriptorType(), sqlName, fid.getSchemaDescriptor().getDescriptorType(), schemaName);
 
-		try {
-			notifyLoader(false);
-			dd.invalidateAllSPSPlans();
-			long generationId = fr.add(JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar()),is);
-
-			SchemaDescriptor sd = dd.getSchemaDescriptor(schemaName, null, true);
-
-			fid = ddg.newFileInfoDescriptor(id, sd,
-							sqlName, generationId);
-			dd.addDescriptor(fid, sd, DataDictionary.SYSFILES_CATALOG_NUM,
-							 false, lcc.getTransactionExecute());
-			return generationId;
-		} finally {
-			notifyLoader(true);
-		}
+        SchemaDescriptor sd = dd.getSchemaDescriptor(schemaName, null, true);
+        try {
+            notifyLoader(false);
+            dd.invalidateAllSPSPlans();
+            final String jarExternalName = JarDDL.mkExternalName(schemaName,
+                    sqlName, fr.getSeparatorChar());
+
+            long generationId = setJar(jarExternalName, is, true, 0L);
+
+            fid = ddg.newFileInfoDescriptor(/*DJD*/null, sd, sqlName, generationId);
+            dd.addDescriptor(fid, sd, DataDictionary.SYSFILES_CATALOG_NUM,
+                    false, lcc.getTransactionExecute());
+            return generationId;
+        } finally {
+            notifyLoader(true);
+        }
 	}
 
 	/**
-	  Drop a jar file from the current connection's database.
-
-	  @param id The id for the jar file we drop. Ignored if null.
-	  @param schemaName the name for the schema that holds the jar file.
-	  @param sqlName the sql name for the jar file.
-	  @param purgeOnCommit True means purge the old jar file on commit. False
-	    means leave it around for use by replication.
-
-	  @exception StandardException Opps
-	  */
-	static public void
-	drop(UUID id, String schemaName, String sqlName,boolean purgeOnCommit)
+     * Drop a jar file from the current connection's database.
+     * 
+     * @param id
+     *            The id for the jar file we drop. Ignored if null.
+     * @param schemaName
+     *            the name for the schema that holds the jar file.
+     * @param sqlName
+     *            the sql name for the jar file.
+     * @param purgeOnCommit
+     *            True means purge the old jar file on commit. False means leave
+     *            it around for use by replication.
+     * 
+     * @exception StandardException
+     *                Opps
+     */
+	static void
+	drop(String schemaName, String sqlName)
 		 throws StandardException
 	{
-		JarUtil jutil = new JarUtil(id, schemaName,sqlName);
-		jutil.drop(purgeOnCommit);
+		JarUtil jutil = new JarUtil(schemaName,sqlName);
+		jutil.drop();
 	}
 
 	/**
@@ -174,12 +175,10 @@
 	  <P> The reason for dropping  the jar file in this private instance
 	  method is that it allows us to share set up logic with add and
 	  replace.
-	  @param purgeOnCommit True means purge the old jar file on commit. False
-	    means leave it around for use by replication.
 
 	  @exception StandardException Opps
 	  */
-	public void drop(boolean purgeOnCommit) throws StandardException
+	private void drop() throws StandardException
 	{
 		//
 		//Like create table we say we are writing before we read the dd
@@ -188,15 +187,6 @@
 		if (fid == null)
 			throw StandardException.newException(SQLState.LANG_FILE_DOES_NOT_EXIST, sqlName,schemaName);
 
-		if (SanityManager.DEBUG)
-		{
-			if (id != null && !fid.getUUID().equals(id))
-			{
-				SanityManager.THROWASSERT("Drop id mismatch want="+id+
-						" have "+fid.getUUID());
-			}
-		}
-
 		String dbcp_s = PropertyUtil.getServiceProperty(lcc.getTransactionExecute(),Property.DATABASE_CLASSPATH);
 		if (dbcp_s != null)
 		{
@@ -228,7 +218,7 @@
 			dd.dropFileInfoDescriptor(fid);
 
 			fr.remove(JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar()),
-				fid.getGenerationId(), true /*purgeOnCommit*/);
+				fid.getGenerationId());
 		} finally {
 			notifyLoader(true);
 		}
@@ -239,29 +229,26 @@
 	  external file. 
 
 
-	  @param id The id for the jar file we add. Ignored if null.
 	  @param schemaName the name for the schema that holds the jar file.
 	  @param sqlName the sql name for the jar file.
 	  @param externalPath the path for the jar file to add.
-	  @param purgeOnCommit True means purge the old jar file on commit. False
-	    means leave it around for use by replication.
 	  @return The new generationId for the jar file we replace.
 
 	  @exception StandardException Opps
 	  */
-	static public long
-	replace(UUID id,String schemaName, String sqlName,
-			String externalPath,boolean purgeOnCommit)
+	static long
+	replace(String schemaName, String sqlName,
+			String externalPath)
 		 throws StandardException
 	{
-		JarUtil jutil = new JarUtil(id,schemaName,sqlName);
+		JarUtil jutil = new JarUtil(schemaName,sqlName);
 		InputStream is = null;
 		
 
 		try {
-			is = FileUtil.getInputStream(externalPath, 0);
+			is = openJarURL(externalPath);
 
-			return jutil.replace(is,purgeOnCommit);
+			return jutil.replace(is);
 		} catch (java.io.IOException fnfe) {
 			throw StandardException.newException(SQLState.SQLJ_INVALID_JAR, fnfe, externalPath);
 		}
@@ -283,7 +270,7 @@
 	    means leave it around for use by replication.
 	  @exception StandardException Opps
 	  */
-	public long replace(InputStream is,boolean purgeOnCommit) throws StandardException
+	private long replace(InputStream is) throws StandardException
 	{
 		//
 		//Like create table we say we are writing before we read the dd
@@ -295,27 +282,19 @@
 		if (fid == null)
 			throw StandardException.newException(SQLState.LANG_FILE_DOES_NOT_EXIST, sqlName,schemaName);
 
-		if (SanityManager.DEBUG)
-		{
-			if (id != null && !fid.getUUID().equals(id))
-			{
-				SanityManager.THROWASSERT("Replace id mismatch want="+
-					id+" have "+fid.getUUID());
-			}
-		}
-
 		try {
 			// disable loads from this jar
 			notifyLoader(false);
 			dd.invalidateAllSPSPlans();
 			dd.dropFileInfoDescriptor(fid);
+            final String jarExternalName =
+                JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar());
 
 			//
 			//Replace the file.
-			long generationId = 
-				fr.replace(JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar()),
-					fid.getGenerationId(), is, purgeOnCommit);
-
+			long generationId = setJar(jarExternalName, is, false,
+					fid.getGenerationId());
+            
 			//
 			//Re-add the descriptor to the data dictionary.
 			FileInfoDescriptor fid2 = 
@@ -333,22 +312,6 @@
 	}
 
 	/**
-	  Get the FileInfoDescriptor for a jar file from the current connection's database or
-	  null if it does not exist.
-
-	  @param schemaName the name for the schema that holds the jar file.
-	  @param sqlName the sql name for the jar file.
-	  @return The FileInfoDescriptor.
-	  @exception StandardException Opps
-	  */
-	public static FileInfoDescriptor getInfo(String schemaName, String sqlName, String statementType)
-		 throws StandardException
-	{
-		JarUtil jUtil = new JarUtil(null,schemaName,sqlName);
-		return jUtil.getInfo();
-	}
-
-	/**
 	  Get the FileInfoDescriptor for the Jar file or null if it does not exist.
 	  @exception StandardException Ooops
 	  */
@@ -359,46 +322,75 @@
 		return dd.getFileInfoDescriptor(sd,sqlName);
 	}
 
-	// get the current version of the jar file as a File or InputStream
-	public static Object getAsObject(String schemaName, String sqlName)
-		 throws StandardException
-	{
-		JarUtil jUtil = new JarUtil(null,schemaName,sqlName);
-
-		FileInfoDescriptor fid = jUtil.getInfo();
-		if (fid == null)
-			throw StandardException.newException(SQLState.LANG_FILE_DOES_NOT_EXIST, sqlName,schemaName);
-
-		long generationId = fid.getGenerationId();
-
-		StorageFile f = jUtil.getAsFile(generationId);
-		if (f != null)
-			return f;
-
-		return jUtil.getAsStream(generationId);
-	}
-
-	private StorageFile getAsFile(long generationId) {
-		return fr.getAsFile(JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar()), generationId);
-	}
-
-	public static InputStream getAsStream(String schemaName, String sqlName,
-		long generationId) throws StandardException {
-		JarUtil jUtil = new JarUtil(null,schemaName,sqlName);
-
-		return jUtil.getAsStream(generationId);		
-	}
-
-	private InputStream getAsStream(long generationId) throws StandardException {
-		try {
-			return fr.getAsStream(JarDDL.mkExternalName(schemaName, sqlName, fr.getSeparatorChar()), generationId);
-		} catch (IOException ioe) {
-            throw StandardException.newException(SQLState.LANG_FILE_ERROR, ioe, ioe.toString());    
-		}
-	}
-
 	private void notifyLoader(boolean reload) throws StandardException {
 		ClassFactory cf = lcc.getLanguageConnectionFactory().getClassFactory();
 		cf.notifyModifyJar(reload);
 	}
+
+    /**
+     * Open an input stream to read a URL or a file.
+     * URL is attempted first, if the string does not conform
+     * to a URL then an attempt to open it as a regular file
+     * is tried.
+     * <BR>
+     * Attempting the file first can throw a security execption
+     * when a valid URL is passed in.
+     * The security exception is due to not have the correct permissions
+     * to access the bogus file path. To avoid this the order was reversed
+     * to attempt the URL first and only attempt a file open if creating
+     * the URL throws a MalformedURLException.
+     */
+    private static InputStream openJarURL(final String externalPath)
+        throws IOException
+    {
+        try {
+            return (InputStream) AccessController.doPrivileged
+            (new java.security.PrivilegedExceptionAction(){
+                
+                public Object run() throws IOException {    
+                    try {
+                        return new URL(externalPath).openStream();
+                    } catch (MalformedURLException mfurle)
+                    {
+                        return new FileInputStream(externalPath);
+                    }
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (IOException) e.getException();
+        }
+    }
+    
+    /**
+     * Copy the jar from the externally obtained 
+     * input stream into the database
+     * @param jarExternalName Name of jar with database structure.
+     * @param contents Contents of jar file.
+     * @param add true to add, false to replace
+     * @param currentGenerationId generation id of existing version, ignored when adding.
+     */
+    private long setJar(final String jarExternalName,
+            final InputStream contents,
+            final boolean add,
+            final long currentGenerationId)
+            throws StandardException {
+        try {
+            return ((Long) AccessController
+                    .doPrivileged(new java.security.PrivilegedExceptionAction() {
+
+                        public Object run() throws StandardException {
+                            long generationId;
+                            
+                            if (add)
+                                generationId = fr.add(jarExternalName, contents);
+                            else
+                                generationId =  fr.replace(jarExternalName,
+                                        currentGenerationId, contents);
+                            return new Long(generationId);
+                        }
+                    })).longValue();
+        } catch (PrivilegedActionException e) {
+            throw (StandardException) e.getException();
+        }
+    }
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/ReplaceJarConstantAction.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/ReplaceJarConstantAction.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/ReplaceJarConstantAction.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/sql/execute/ReplaceJarConstantAction.java Wed Jun 27 11:07:53 2007
@@ -21,21 +21,15 @@
 
 package org.apache.derby.impl.sql.execute;
 
-import org.apache.derby.iapi.services.sanity.SanityManager;
 import org.apache.derby.iapi.error.StandardException;
-import org.apache.derby.iapi.sql.execute.ConstantAction;
-
 import org.apache.derby.iapi.sql.Activation;
-
-import org.apache.derby.catalog.UUID;
+import org.apache.derby.iapi.sql.execute.ConstantAction;
 /**
  *	Constant action to Add an external  Jar file to a database. 
  *
  */
 class ReplaceJarConstantAction extends DDLConstantAction
 {
-
-	private final UUID id;
 	private final String schemaName;
 	private final String sqlName;
 	private final String externalPath;
@@ -48,17 +42,15 @@
 	/**
 	 *	Make the ConstantAction to replace a jar file in a database.
 	 *
-	 *	@param	id					The id for the jar file
 	 *	@param	schemaName			The SchemaName for the jar file.
 	 *	@param	sqlName			    The sqlName for the jar file.
 	 *  @param  externalPath            The name of the file that holds the jar.
 	 */
-	ReplaceJarConstantAction(UUID id,
+	ReplaceJarConstantAction(
 									String schemaName,
 									String sqlName,
 									String externalPath)
 	{
-		this.id = id;
 		this.schemaName = schemaName;
 		this.sqlName = sqlName;
 		this.externalPath = externalPath;
@@ -89,15 +81,8 @@
 	public void	executeConstantAction( Activation activation )
 						throws StandardException
 	{
-		JarUtil.replace(id,schemaName,
+		JarUtil.replace(schemaName,
 									   sqlName,
-									   externalPath,
-									   purgeOnCommit());
+									   externalPath);
 	}
-
-	//
-	// Replication can over-ride this to defer purging dropped jar
-	// files that remain in the stage.
-	protected boolean purgeOnCommit() { return true; }
-
 }

Modified: db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java (original)
+++ db/derby/code/branches/10.2/java/engine/org/apache/derby/impl/store/raw/data/RFResource.java Wed Jun 27 11:07:53 2007
@@ -43,12 +43,16 @@
 import java.io.OutputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 
 class RFResource implements FileResource {
 
-	protected final BaseDataFileFactory factory;
+	private final BaseDataFileFactory factory;
 
-	public RFResource(BaseDataFileFactory dataFactory) {
+	RFResource(BaseDataFileFactory dataFactory) {
 		this.factory = dataFactory;
 	}
 
@@ -148,7 +152,7 @@
 	  @see FileResource#remove
 	  @exception StandardException Oops
 	  */
-	public void remove(String name, long currentGenerationId, boolean purgeOnCommit)
+	public void remove(String name, long currentGenerationId)
 		throws StandardException
 	{
 		if (factory.isReadOnly())
@@ -171,27 +175,24 @@
 
         tran.blockBackup(true);
 
-		tran.logAndDo(new RemoveFileOperation(name, currentGenerationId, purgeOnCommit));
+		tran.logAndDo(new RemoveFileOperation(name, currentGenerationId, true));
 
-		if (purgeOnCommit) {
+		Serviceable s = new RemoveFile(getAsFile(name, currentGenerationId));
 
-			Serviceable s = new RemoveFile(getAsFile(name, currentGenerationId));
-
-			tran.addPostCommitWork(s);
-		}
+	    tran.addPostCommitWork(s);
 	}
 
 	/**
 	  @see FileResource#replace
 	  @exception StandardException Oops
 	  */
-	public long replace(String name, long currentGenerationId, InputStream source, boolean purgeOnCommit)
+	public long replace(String name, long currentGenerationId, InputStream source)
 		throws StandardException
 	{
 		if (factory.isReadOnly())
 			throw StandardException.newException(SQLState.FILE_READ_ONLY);
 
-		remove(name, currentGenerationId, purgeOnCommit);
+		remove(name, currentGenerationId);
 
 		long generationId = add(name, source);
 
@@ -210,14 +211,6 @@
 	}
 
 	/**
-	  @see FileResource#getAsFile
-	  */
-	private StorageFile getAsFile(String name)
-	{
-		return factory.storageFactory.newStorageFile( name);
-	}
-
-	/**
 	  @see FileResource#getAsStream
 	  @exception IOException trouble accessing file.
 	  */
@@ -234,7 +227,7 @@
 } // end of class RFResource
 
 
-class RemoveFile implements Serviceable
+final class RemoveFile implements Serviceable, PrivilegedExceptionAction
 {
 	private final StorageFile fileToGo;
 
@@ -246,15 +239,11 @@
 	public int performWork(ContextManager context)
         throws StandardException
     {
-        // SECURITY PERMISSION - MP1, OP5
-        if (fileToGo.exists())
-        {
-            if (!fileToGo.delete())
-            {
-                throw StandardException.newException(
-                    SQLState.FILE_CANNOT_REMOVE_FILE, fileToGo);
-            }
-        }
+        try {
+            AccessController.doPrivileged(this);
+        } catch (PrivilegedActionException e) {
+            throw (StandardException) (e.getException());
+         }
         return Serviceable.DONE;
 	}
 
@@ -272,5 +261,16 @@
 	public boolean serviceImmediately()
 	{
 		return true;
-	}	
+	}
+
+    public Object run() throws StandardException {
+        // SECURITY PERMISSION - MP1, OP5
+        if (fileToGo.exists()) {
+            if (!fileToGo.delete()) {
+                throw StandardException.newException(
+                        SQLState.FILE_CANNOT_REMOVE_FILE, fileToGo);
+            }
+        }
+        return null;
+    }	
 }

Modified: db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/tools/dblook_test_app.properties
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/tools/dblook_test_app.properties?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/tools/dblook_test_app.properties (original)
+++ db/derby/code/branches/10.2/java/testing/org/apache/derbyTesting/functionTests/tests/tools/dblook_test_app.properties Wed Jun 27 11:07:53 2007
@@ -3,5 +3,3 @@
 #Exclude for J2ME/Foundation - test requires java.sql.DriverManager
 runwithfoundation=false
 
-# disable security manager for now - DERBY-537
-noSecurityManager=true

Modified: db/derby/code/branches/10.2/tools/jar/extraDBMSclasses.properties
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.2/tools/jar/extraDBMSclasses.properties?view=diff&rev=551252&r1=551251&r2=551252
==============================================================================
--- db/derby/code/branches/10.2/tools/jar/extraDBMSclasses.properties (original)
+++ db/derby/code/branches/10.2/tools/jar/extraDBMSclasses.properties Wed Jun 27 11:07:53 2007
@@ -44,8 +44,6 @@
 derby.module.diag.diagnosticable.generic=org.apache.derby.iapi.services.diag.DiagnosticableGeneric
 derby.module.diag.diagnostic.util=org.apache.derby.iapi.services.diag.DiagnosticUtil
 
-derby.module.classFactory.signedJar.jdk12=org.apache.derby.impl.services.reflect.JarFileJava2
-
 derby.module.internalUtil.classsizecatalogimpl=org.apache.derby.iapi.services.cache.ClassSizeCatalog
 
 derby.module.catalog.getprocedurecolumns=org.apache.derby.catalog.GetProcedureColumns



Mime
View raw message