Author: djd
Date: Thu Mar 13 11:20:10 2008
New Revision: 636818
URL: http://svn.apache.org/viewvc?rev=636818&view=rev
Log:
DERBY-3506 Add requirement for SystemPermission("server", "monitor") to NetworkServerMBean
attributes that are not security sensitive.
Modified:
db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu Mar 13 11:20:10
2008
@@ -88,6 +88,9 @@
// Needed for server tracing.
//
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+
+ // Needed for NetworkServerMBean access (see JMX section above)
+ permission org.apache.derby.security.SystemPermission "server", "monitor";
//
// Needed by sysinfo. The file permission is needed to
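Review bot: The new `SystemPermission "server", "monitor"` grant sits in a `grant` block whose header is outside this hunk, so the code base or principal that receives it cannot be checked from here; the same line is added to derby_tests.policy in the last hunk. The MBean check calls `AccessController.checkPermission`, which evaluates every protection domain on the calling stack, so it is worth confirming that the enclosing block covers only the code meant to read the MBean. The comment also points to a "JMX section above" that is not visible in either file; a self-contained wording such as `// Lets NetworkServerMBeanImpl.checkMonitor() pass for read-only JMX attributes` would survive later reordering.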
Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java Thu
Mar 13 11:20:10 2008
@@ -21,7 +21,11 @@
package org.apache.derby.impl.drda;
+import java.security.AccessControlException;
+import java.security.AccessController;
+
import org.apache.derby.mbeans.drda.NetworkServerMBean;
+import org.apache.derby.security.SystemPermission;
import org.apache.derby.iapi.reference.Property;
import org.apache.derby.iapi.services.monitor.Monitor;
import org.apache.derby.drda.NetworkServerControl;
@@ -52,18 +56,38 @@
startTime = System.currentTimeMillis();
}
+ private static final SystemPermission CONTROL =
+ new SystemPermission(SystemPermission.SERVER,
+ SystemPermission.CONTROL);
+ private static final SystemPermission MONITOR =
+ new SystemPermission(SystemPermission.SERVER,
+ SystemPermission.MONITOR);
+
/**
* Ensure the caller has permission to control the network server.
*/
- private void checkControl() {
- // TODO: implement check
+ private static void checkControl() {
+ // checkPermission(CONTROL);
}
/**
* Ensure the caller has permission to monitor the network server.
*/
- private void checkMonitor() {
-// TODO: implement check
+ private static void checkMonitor() {
+ checkPermission(MONITOR);
+ }
+
+ private static void checkPermission(SystemPermission permission)
+ {
+ try {
+ if (System.getSecurityManager() != null)
+ AccessController.checkPermission(permission);
+ } catch (AccessControlException e) {
+ // Need to throw a simplified version as AccessControlException
+ // will have a reference to Derby's SystemPermission which most likely
+ // will not be available on the client.
+ throw new SecurityException(e.getMessage());
+ }
}
// Some of the code is disabled (commented out) due to security concerns,
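Review bot: `checkControl()` is still a no-op, because its only statement is the commented-out `// checkPermission(CONTROL);`. The Javadoc still says it ensures the caller may control the network server, and the `TODO` that used to flag the gap has been removed. Any operation guarded only by it runs unchecked, and the `CONTROL` constant is unused. Either enable the call or keep an explicit marker such as `// TODO: enable checkPermission(CONTROL); control operations are not permission-checked yet`. `checkPermission` would also benefit from a Javadoc line saying that it does nothing when no SecurityManager is installed and that the cause is deliberately left off the rethrown `SecurityException`.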
@@ -82,6 +106,7 @@
}
public boolean getDrdaKeepAlive() {
+ checkMonitor();
String on = getServerProperty(Property.DRDA_PROP_KEEPALIVE);
return ( "true".equals(on) ? true : false);
}
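Review bot: Only `getDrdaKeepAlive()` gains a `checkMonitor();` call in the visible diff, while the log message speaks of attributes in the plural. The other getters of NetworkServerMBeanImpl are outside this hunk, so it should be confirmed that each non-sensitive getter starts with the same call; any that does not stays readable without the "server", "monitor" grant. A management test that reads every attribute under a policy lacking that grant and expects `SecurityException` would pin the coverage.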
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
Thu Mar 13 11:20:10 2008
@@ -57,6 +57,11 @@
</classpath>
<include name="${this.dir}/*.java"/>
</javac>
+ <copy todir="${out.dir}/${derby.testing.functest.dir}/tests/management">
+ <fileset dir="${derby.testing.src.dir}/${derby.testing.functest.dir}/tests/management"
+ includes="jmx.*"/>
+ </copy>
+
</target>
</project>
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Thu Mar 13 11:20:10 2008
@@ -127,6 +127,9 @@
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+ // Needed for NetworkServerMBean access (see JMX section above)
+ permission org.apache.derby.security.SystemPermission "server", "monitor";
+
};
//