db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r636813 - in /db/derby/code/trunk: java/drda/org/apache/derby/drda/ java/drda/org/apache/derby/impl/drda/ java/engine/org/apache/derby/iapi/services/info/ java/engine/org/apache/derby/impl/services/jmx/ java/engine/org/apache/derby/mbeans/ ...
Date Thu, 13 Mar 2008 17:50:25 GMT
Author: djd
Date: Thu Mar 13 10:50:16 2008
New Revision: 636813

URL: http://svn.apache.org/viewvc?rev=636813&view=rev
Log:
DERBY-3506 Add requirement for SystemPermission("engine"|"server", "monitor") for getting
attributes of the VersionMBean. Add various javadoc improvements related to the change.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
    db/derby/code/trunk/java/engine/org/apache/derby/mbeans/ManagementMBean.java
    db/derby/code/trunk/java/engine/org/apache/derby/mbeans/VersionMBean.java
    db/derby/code/trunk/java/engine/org/apache/derby/mbeans/package.html
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
    db/derby/code/trunk/tools/javadoc/publishedapi.ant

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu Mar 13 10:50:16
2008
@@ -63,6 +63,8 @@
   // a whole set of fine-grained permissions to allow specific
   // users access to MBeans and actions they perform.
   permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
 
 };
 

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
(original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Thu Mar 13 10:50:16 2008
@@ -779,7 +779,7 @@
         final Object versionMBean = mgmtService.registerMBean(
                            new Version(
                                    getNetProductVersionHolder(),
-                                   null /*SystemPermission.SERVER*/),
+                                   SystemPermission.SERVER),
                            VersionMBean.class,
                            "type=Version,jar=derbynet.jar");
         final Object networkServerMBean = mgmtService.registerMBean(

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java Thu Mar
13 10:50:16 2008
@@ -21,7 +21,11 @@
 
 package org.apache.derby.iapi.services.info;
 
+import java.security.AccessControlException;
+import java.security.AccessController;
+
 import org.apache.derby.mbeans.VersionMBean;
+import org.apache.derby.security.SystemPermission;
 
 /**
  * This implementation of VersionMBean instruments a
@@ -35,7 +39,7 @@
     private final ProductVersionHolder versionInfo;
     
     /**
-     * Permission name for the object the version
+     * Permission target name for the object the version
      * information applies to.
      */
     private final String permissionName;
@@ -49,9 +53,22 @@
     ** Security checks(non-Javadoc)
     */
     
+    /**
+     * Ensure caller has permission to monitor Derby.
+     */
     private void checkMonitor() {
-        // TODO: Add actual check
-        //new SystemPermission(permissionName, SystemPermission.MONITOR);
+
+        try {
+            if (System.getSecurityManager() != null)
+                AccessController.checkPermission(
+                        new SystemPermission(permissionName,
+                                SystemPermission.MONITOR));
+        } catch (AccessControlException e) {
+            // Need to throw a simplified version as AccessControlException
+            // will have a reference to Derby's SystemPermission which most likely
+            // will not be available on the client.
+            throw new SecurityException(e.getMessage());
+        }
     }
     
     // ------------------------- MBEAN ATTRIBUTES  ----------------------------

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
Thu Mar 13 10:50:16 2008
@@ -121,7 +121,7 @@
         registerMBean(
                 new Version(
                         Monitor.getMonitor().getEngineVersion(),
-                        null /* SystemPermission.ENGINE */),
+                        SystemPermission.ENGINE),
                 VersionMBean.class,
                 "type=Version,jar=derby.jar");
     }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/mbeans/ManagementMBean.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/mbeans/ManagementMBean.java?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/mbeans/ManagementMBean.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/mbeans/ManagementMBean.java Thu Mar 13
10:50:16 2008
@@ -23,10 +23,9 @@
 
 /**
  * JMX MBean inteface to control visibility of Derby's MBeans.
- * When Derby boots it attempts to register an MBean
- * implementing ManagementMBean if derby.system.jmx is true.
+ * When Derby boots it attempts to register its MBeans.
  * It may fail due to lack of valid permissions.
- * If Derby does not register its ManagementMBean then an
+ * If Derby does not register its MBeans then an
  * application may register the Management implementation
  * of ManagementMBean itself and use it to start Derby's
  * JMX management.
@@ -65,7 +64,7 @@
      * MBeans relevant to its current state. If Derby is not
      * booted then no action is taken.
      * <P>
-     * Require SystemPermission("jmx", "control") if a security
+     * Require <code>SystemPermission("jmx", "control")</code> if a security
      * manager is installed.
      * 
      * @see org.apache.derby.security.SystemPermission
@@ -76,7 +75,7 @@
      * Inform Derby to stop its JMX management by unregistering
      * its MBeans. If Derby is not booted then no action is taken.
      * <P>
-     * Require SystemPermission("jmx", "control") if a security
+     * Require <code>SystemPermission("jmx", "control")</code> if a security
      * manager is installed.
      * 
      * @see org.apache.derby.security.SystemPermission

Modified: db/derby/code/trunk/java/engine/org/apache/derby/mbeans/VersionMBean.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/mbeans/VersionMBean.java?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/mbeans/VersionMBean.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/mbeans/VersionMBean.java Thu Mar 13 10:50:16
2008
@@ -36,6 +36,15 @@
  * <LI> <code>jar={derby.jar|derbynet.jar}</code>
  * <LI> <code>system=</code><em>runtime system identifier</em>
(see overview)
  * </UL>
+ * <P>
+ * If a security manager is installed these permissions are required:
+ * <UL>
+ * <LI> <code>SystemPermission("server", "monitor")</code> for version
information
+ * specific to derbynet.jar
+ * <LI> <code>SystemPermission("engine", "monitor")</code> for version
information
+ * specific to derby.jar
+ * </UL>
+ * @see org.apache.derby.security.SystemPermission
 */
 public interface VersionMBean {
     // attributes

Modified: db/derby/code/trunk/java/engine/org/apache/derby/mbeans/package.html
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/mbeans/package.html?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/mbeans/package.html (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/mbeans/package.html Thu Mar 13 10:50:16
2008
@@ -16,9 +16,8 @@
 -->
 <body>
 <h2> JMX MBeans. </h2>
-If <code>derby.system.jmx</code> is true then when Derby (the embedded engine)
-is booted it will attempt to connect to the PlatformMBeanServer and register
-a number of MBeans to monitor and manage Derby.
+When Derby (the embedded engine) is booted it will attempt to connect
+to the PlatformMBeanServer and register a number of MBeans to monitor and manage Derby.
 <P>
 Derby registers its JMX MBeans in the <code>org.apache.derby</code> domain and
 always includes values for <code>type</code> and <code>system</code>
in the MBean's ObjectName's key

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Thu Mar 13 10:50:16 2008
@@ -103,7 +103,8 @@
   // a whole set of fine-grained permissions to allow specific
   // users access to MBeans and actions they perform.
   permission org.apache.derby.security.SystemPermission "jmx", "control";
-  
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";  
  
   // These permissions are needed when testing code instrumented with EMMA.
   // They will only be used if the emma.active system property property is set,
@@ -212,7 +213,9 @@
   // Test code needs this as well for the platform MBeanServer
   // tests where the testing code is in the stack frame.
   permission org.apache.derby.security.SystemPermission "jmx", "control";
-
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
+  
   // These permissions are needed when testing code instrumented with EMMA.
   permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
 };

Modified: db/derby/code/trunk/tools/javadoc/publishedapi.ant
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/tools/javadoc/publishedapi.ant?rev=636813&r1=636812&r2=636813&view=diff
==============================================================================
--- db/derby/code/trunk/tools/javadoc/publishedapi.ant (original)
+++ db/derby/code/trunk/tools/javadoc/publishedapi.ant Thu Mar 13 10:50:16 2008
@@ -8,9 +8,6 @@
 # Add new files to the appropriate package section; add new sections
 # for new packages.
 #
-# IMPORTANT: if you are adding a new package, be sure to add it to
-#            the list of packages in the publishedapi target in
-#            the toplevel build.xml file.
 #
 # Please do not add whitespace in front of class names.
 # Blank lines and comments are allowed.
@@ -45,5 +42,9 @@
 
 org/apache/derby/mbeans/*.java
 org/apache/derby/mbeans/drda/*.java
+
+# package: org.apache.derby.security
+
+org/apache/derby/security/SystemPermission.java
 
 



Mime
View raw message