db-derby-commits mailing list archives

From d..@apache.org
Subject svn commit: r636818 - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/ testing/org/apache/derbyTesting/functionTests/tests/management/ testing/org/apache/derbyTesting/functionTests/util/
Date Thu, 13 Mar 2008 18:20:12 GMT
Author: djd
Date: Thu Mar 13 11:20:10 2008
New Revision: 636818

URL: http://svn.apache.org/viewvc?rev=636818&view=rev
Log:
DERBY-3506 Add requirement for SystemPermission("server", "monitor") to NetworkServerMBean
attributes that are not security sensitive.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu Mar 13 11:20:10
2008
@@ -88,6 +88,9 @@
 // Needed for server tracing.
 //
   permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+  
+  // Needed for NetworkServerMBean access (see JMX section above)
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
 
 //
 // Needed by sysinfo. The file permission is needed to
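Review bot: The added `permission org.apache.derby.security.SystemPermission "server", "monitor";` sits in a grant block whose header is outside this hunk, so confirm that the block is scoped to the network server's codeBase and not to all code. The check in NetworkServerMBeanImpl uses AccessController.checkPermission(), which tests every protection domain on the call stack, so a grant to the server code alone may not be enough for a JMX caller, and a broad grant would be wider than intended. The comment could state who needs the permission, for example `// Required by code that reads NetworkServerMBean attributes; checked via SystemPermission("server", "monitor")`, instead of only pointing to a section above. The added blank line before the comment carries trailing spaces.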

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java Thu
Mar 13 11:20:10 2008
@@ -21,7 +21,11 @@
 
 package org.apache.derby.impl.drda;
 
+import java.security.AccessControlException;
+import java.security.AccessController;
+
 import org.apache.derby.mbeans.drda.NetworkServerMBean;
+import org.apache.derby.security.SystemPermission;
 import org.apache.derby.iapi.reference.Property;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.drda.NetworkServerControl;
@@ -52,18 +56,38 @@
         startTime = System.currentTimeMillis();
     }
     
+    private static final SystemPermission CONTROL =
+        new SystemPermission(SystemPermission.SERVER,
+                SystemPermission.CONTROL);
+    private static final SystemPermission MONITOR =
+        new SystemPermission(SystemPermission.SERVER,
+                SystemPermission.MONITOR);
+    
     /**
      * Ensure the caller has permission to control the network server.
      */
-    private void checkControl() { 
-        // TODO: implement check
+    private static void checkControl() { 
+        // checkPermission(CONTROL);
     }
 
     /**
      * Ensure the caller has permission to monitor the network server.
      */
-    private void checkMonitor() { 
-//      TODO: implement check
+    private static void checkMonitor() { 
+        checkPermission(MONITOR);
+    }
+    
+    private static void checkPermission(SystemPermission permission)
+    {
+        try {
+            if (System.getSecurityManager() != null)
+                AccessController.checkPermission(permission);
+        } catch (AccessControlException e) {
+            // Need to throw a simplified version as AccessControlException
+            // will have a reference to Derby's SystemPermission which most likely
+            // will not be available on the client.
+            throw new SecurityException(e.getMessage());
+        }  
     }
 
     // Some of the code is disabled (commented out) due to security concerns,
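Review bot: checkControl() is still a no-op, because its only statement is the commented-out `// checkPermission(CONTROL);`, so the Javadoc "Ensure the caller has permission to control the network server" promises a check that never runs and the new CONTROL constant is unused. If the control check cannot be enabled in this commit, replace the commented-out call with an explicit comment such as `// TODO: control permission is NOT enforced yet; callers are not authorized here`, otherwise enable `checkPermission(CONTROL);`. In checkPermission() the rethrown SecurityException deliberately drops the cause, so a denied request leaves no server-side record; logging the original AccessControlException before the rethrow would keep refused JMX access visible to operators. checkPermission() also has no Javadoc, and it should state that the check is skipped entirely when no security manager is installed. The class body starts before and continues after this hunk.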
@@ -82,6 +106,7 @@
     }
     
     public boolean getDrdaKeepAlive() {
+        checkMonitor();
         String on = getServerProperty(Property.DRDA_PROP_KEEPALIVE);
         return ( "true".equals(on) ? true : false);
     }
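Review bot: Only getDrdaKeepAlive() gains a `checkMonitor();` call in the hunks shown, while the log message speaks of NetworkServerMBean attributes in the plural. The other getters of this class are outside the hunk, so this cannot be confirmed from here, but every attribute meant to require SystemPermission("server", "monitor") needs the same first-line call, and a getter left without it stays readable without the permission. A one-line comment on the method, such as `// Requires SystemPermission("server", "monitor")`, would make the requirement visible at each getter.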

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/management/build.xml
Thu Mar 13 11:20:10 2008
@@ -57,6 +57,11 @@
             </classpath>
             <include name="${this.dir}/*.java"/>
         </javac>
+        <copy todir="${out.dir}/${derby.testing.functest.dir}/tests/management">
+          <fileset dir="${derby.testing.src.dir}/${derby.testing.functest.dir}/tests/management"
+        	 includes="jmx.*"/>
+        </copy>
+
     </target>
 
 </project>
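Review bot: The added `<copy>` with `includes="jmx.*"` places files in the test output tree without controlling their file mode, and Ant's copy task does not retain Unix permissions. If `jmx.*` matches a JMX password file (the file names are not visible here), the JVM's JMX agent rejects a password file that is readable by anyone other than its owner. A `<chmod>` step after the copy, or a comment naming the files the pattern is meant to match, would avoid a hard-to-diagnose test failure. The `includes` line is also indented with a tab where the surrounding lines use spaces.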

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=636818&r1=636817&r2=636818&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Thu Mar 13 11:20:10 2008
@@ -127,6 +127,9 @@
   permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
   
+    // Needed for NetworkServerMBean access (see JMX section above)
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
+  
 };
 
 //
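Review bot: The comment `// Needed for NetworkServerMBean access (see JMX section above)` is identical to the one added in server.policy and is indented four spaces while the permission line under it uses two; confirm that derby_tests.policy actually has a JMX section to point to, or reword it. The grant block's header is outside this hunk, so it is not visible which codeBase receives the permission. With "monitor" granted in the shared test policy, presumably no test runs without it, which leaves the SecurityException path in checkPermission() unexercised. A negative test run under a policy that lacks the grant would cover the denial case.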


