db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r661797 - in /db/derby/code/trunk/java: engine/org/apache/derby/iapi/util/ engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/jdbc/ engine/org/apache/derby/security/ testing/org/apache/derbyTesting/unitTests/junit/
Date Fri, 30 May 2008 17:59:29 GMT
Author: rhillegas
Date: Fri May 30 10:59:28 2008
New Revision: 661797

URL: http://svn.apache.org/viewvc?rev=661797&view=rev
Log:
DERBY-3531: Commit Martin's patch which rewrites string splitting code to use only apis which
are present on Java ME platforms.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
  (with props)
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
    db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java Fri May 30
10:59:28 2008
@@ -20,7 +20,9 @@
  */
 
 package org.apache.derby.iapi.util;
+
 import java.util.Locale;
+import java.util.StringTokenizer;
 
 /**
 	A set of public static methods for dealing with Strings
@@ -28,6 +30,39 @@
 public class StringUtil 
 {
 	/**
+	 * Splits a string around matches of the given delimiter character.
+	 *
+	 * Where applicable, this method can be used as a substitute for
+	 * <code>String.split(String regex)</code>, which is not available
+	 * on a JSR169/Java ME platform.
+	 *
+	 * @param str the string to be split
+	 * @param delim the delimiter
+	 * @throws NullPointerException if str is null
+	 */
+	static public String[] split(String str, char delim)
+	{
+		if (str == null) {
+			throw new NullPointerException("str can't be null");
+		}
+
+		// Note the javadoc on StringTokenizer:
+		//     StringTokenizer is a legacy class that is retained for
+		//     compatibility reasons although its use is discouraged in
+		//     new code.
+        // In other words, if StringTokenizer is ever removed from the JDK,
+        // we need to have a look at String.split() (or java.util.regex)
+        // if it is supported on a JSR169/Java ME platform by then.
+		StringTokenizer st = new StringTokenizer(str, String.valueOf(delim));
+		int n = st.countTokens();
+		String[] s = new String[n];
+		for (int i = 0; i < n; i++) {
+			s[i] = st.nextToken();
+		}
+		return s;
+	}
+
+	/**
 	 * Used to print out a string for error messages, 
 	 * chops is off at 60 chars for historical reasons.
 	 */
@@ -155,9 +190,9 @@
 
 
 	private static char[] hex_table = {
-                '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 
-                'a', 'b', 'c', 'd', 'e', 'f'
-            };
+        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 
+        'a', 'b', 'c', 'd', 'e', 'f'
+    };
 
 
 	/**

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Fri May
30 10:59:28 2008
@@ -33,9 +33,11 @@
 import org.apache.derby.iapi.services.memory.LowMemory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.services.property.PropertyUtil;
 
 import org.apache.derby.iapi.jdbc.AuthenticationService;
 import org.apache.derby.iapi.jdbc.EngineConnection;
+import org.apache.derby.security.DatabasePermission;
 
 import org.apache.derby.iapi.db.Database;
 import org.apache.derby.impl.db.SlaveDatabase;
@@ -52,6 +54,13 @@
 import org.apache.derby.iapi.store.replication.master.MasterFactory;
 import org.apache.derby.iapi.store.replication.slave.SlaveFactory;
 
+import org.apache.derby.iapi.util.IdUtil;
+
+import java.io.IOException;
+
+import java.security.Permission;
+import java.security.AccessControlException;
+
 /* can't import due to name overlap:
 import java.sql.Connection;
 import java.sql.ResultSet;
@@ -372,11 +381,6 @@
 
 					// check for user's credential and authenticate the user
 					// with system level authentication service.
-					// FIXME: We should also check for CREATE DATABASE operation
-					//		  authorization for the user if authorization was
-					//		  set at the system level.
-					//		  Right now, the authorization service does not
-					//		  restrict/account for Create database op.
 					checkUserCredentials(null, info);
 					
 					// Process with database creation
@@ -2412,6 +2416,11 @@
 
 		info = filterProperties(info);
 
+		// check for create database privileges
+		// DERBY-3495: uncomment to enable system privileges checks
+		//final String user = IdUtil.getUserNameFromURLProps(info);
+		//checkDatabaseCreatePrivileges(user, dbname);
+
 		try {
 			if (Monitor.createPersistentService(Property.DATABASE_MODULE, dbname, info) == null) 
 			{
@@ -2432,6 +2441,90 @@
 		return (Database) Monitor.findService(Property.DATABASE_MODULE, dbname);
 	}
 
+	/**
+	 * Checks that a user has the system privileges to create a database.
+	 * To perform this check the following policy grants are required
+	 * <ul>
+	 * <li> to run the encapsulated test:
+	 *		permission javax.security.auth.AuthPermission "doAsPrivileged";
+	 * <li> to resolve relative path names:
+	 *		permission java.util.PropertyPermission "user.dir", "read";
+	 * <li> to canonicalize path names:
+	 *		permission java.io.FilePermission "...", "read";
+	 * </ul>
+	 * or a SQLException will be raised detailing the cause.
+	 * <p>
+	 * In addition, for the test to succeed
+	 * <ul>
+	 * <li> the given user needs to be covered by a grant:
+	 *		principal org.apache.derby.authentication.SystemPrincipal "..." {}
+	 * <li> that lists a permission covering the database location:
+	 *		permission org.apache.derby.security.DatabasePermission "directory:...", "create";
+	 * </ul>
+	 * or it will fail with a SQLException detailing the cause.
+	 *
+	 * @param user The user to be checked for database create privileges
+	 * @param dbname the name of the database to create
+	 * @throws SQLException if the privileges check fails
+	 */
+	private void checkDatabaseCreatePrivileges(String user,
+											   String dbname)
+		throws SQLException {
+		// approve action if not running under a security manager
+		if (System.getSecurityManager() == null) {
+			return;
+		}
+		if (dbname == null) {
+			throw new NullPointerException("dbname can't be null");
+		}
+        
+		// the check
+		try {
+			// raises IOException if dbname is non-canonicalizable
+			final String url
+				= (DatabasePermission.URL_PROTOCOL_DIRECTORY
+				   + stripSubSubProtocolPrefix(dbname));
+			final Permission dp
+				= new DatabasePermission(url, DatabasePermission.CREATE);
+            
+			factory.checkSystemPrivileges(user, dp);
+		} catch (AccessControlException ace) {
+			throw Util.generateCsSQLException(
+                                              SQLState.AUTH_DATABASE_CREATE_MISSING_PERMISSION,
+                                              user, dbname, ace);
+		} catch (IOException ioe) {
+			throw Util.generateCsSQLException(
+                                              SQLState.AUTH_DATABASE_CREATE_EXCEPTION,
+                                              dbname, (Object)ioe); // overloaded method
+		} catch (Exception e) {
+			throw Util.generateCsSQLException(
+                                              SQLState.AUTH_DATABASE_CREATE_EXCEPTION,
+                                              dbname, (Object)e); // overloaded method
+		}
+	}
+
+    /**
+     * Strips any sub-sub-protocol prefix from a database name.
+     *
+     * @param dbname a database name
+     * @return the database name without any sub-sub-protocol prefixes
+     * @throws NullPointerException if dbname is null
+     */
+    static public String stripSubSubProtocolPrefix(String dbname) {
+        // check if database name starts with a sub-sub-protocol tag
+        final int i = dbname.indexOf(':');
+        if (i > 0) {
+            // construct the sub-sub-protocol's system property name
+            final String prop
+                = Property.SUB_SUB_PROTOCOL_PREFIX + dbname.substring(0, i);
+            
+            // test for existence of a system property (JVM + derby.properties)
+            if (PropertyUtil.getSystemProperty(prop, null) != null) {
+                return dbname.substring(i + 1); // the stripped database name
+            }
+        }
+        return dbname; // the unmodified database name
+    }
 
 	/**
 	 * Boot database.

Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java Fri May 30 10:59:28
2008
@@ -140,7 +140,7 @@
      * @throws AccessControlException if permissions are missing
      * @throws Exception if the privileges check fails for some other reason
      */
-    void checkSystemPrivileges(String user,
+    public void checkSystemPrivileges(String user,
                                       Permission perm)
         throws Exception {
         // no checks -- some of the javax security classes not available

Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java Fri May 30 10:59:28
2008
@@ -216,7 +216,7 @@
      * @throws AccessControlException if permissions are missing
      * @throws Exception if the privileges check fails for some other reason
      */
-    void checkSystemPrivileges(String user,
+    public void checkSystemPrivileges(String user,
                                       Permission perm)
         throws Exception {
         SecurityUtil.checkUserHasPermission(user, perm);

Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java Fri May 30 10:59:28
2008
@@ -224,9 +224,9 @@
 					}
 
 					// check for shutdown privileges
-                    // Disabled until more of the patch can be applied.
+					// DERBY-3495: uncomment to enable system privileges checks
 					//final String user = IdUtil.getUserNameFromURLProps(finfo);
-                    //checkShutdownPrivileges(user);
+					//checkShutdownPrivileges(user);
 
 					Monitor.getMonitor().shutdown();
 
@@ -268,7 +268,7 @@
      * @throws AccessControlException if permissions are missing
      * @throws Exception if the privileges check fails for some other reason
      */
-    abstract void checkSystemPrivileges(String user,
+    abstract public void checkSystemPrivileges(String user,
                                                Permission perm)
         throws Exception;
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java Fri
May 30 10:59:28 2008
@@ -26,9 +26,11 @@
 import java.security.PrivilegedExceptionAction;
 import java.security.PrivilegedActionException;
 import java.security.AccessController;
+import org.apache.derby.iapi.util.StringUtil;
 
 import java.util.Set;
 import java.util.HashSet;
+import java.util.Locale;
 
 import java.io.File;
 import java.io.IOException;
@@ -119,7 +121,7 @@
      */
     static protected final Set LEGAL_ACTIONS = new HashSet();
     static {
-        // when adding new actions, check method: implies(Permission)
+        // when adding new actions, check: implies(Permission), getActions()
         LEGAL_ACTIONS.add(CREATE);
     };
 
@@ -231,18 +233,14 @@
             throw new IllegalArgumentException("actions can't be empty");
         }
 
-        // splitting the comma-separated list into the individual actions
-        // may throw a java.util.regex.PatternSyntaxException, which is a
-        // java.lang.IllegalArgumentException, hence directly applicable
-        final String[] s = actions.split(",");
-
         // check for any illegal actions
+        actions = actions.toLowerCase(Locale.ENGLISH);
+        final String[] s = StringUtil.split(actions, ',');
         for (int i = 0; i < s.length; i++) {
             final String action = s[i].trim();
             if (!LEGAL_ACTIONS.contains(action)) {
                 // report illegal action
                 final String msg = "Illegal action '" + action + "'";
-                //System.out.println("DatabasePermission: " + msg);
                 throw new IllegalArgumentException(msg);
             }
         }
@@ -270,7 +268,6 @@
         // check URL's protocol scheme and initialize path
         if (!url.startsWith(URL_PROTOCOL_DIRECTORY)) {
             final String msg = "Unsupported protocol in URL '" + url + "'";
-            //System.out.println("DatabasePermission: " + msg);
             throw new IllegalArgumentException(msg);
         }
         String p = url.substring(URL_PROTOCOL_DIRECTORY.length());
@@ -376,9 +373,6 @@
      * @see Permission#implies(Permission)
      */
     public boolean implies(Permission p) {
-        //System.out.println("this = " + this);
-        //System.out.println("that = " + p);
-
         // can only imply other DatabasePermissions
         if (!(p instanceof DatabasePermission)) {
             return false;

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
Fri May 30 10:59:28 2008
@@ -40,7 +40,7 @@
 
 import org.apache.derby.authentication.SystemPrincipal;
 import org.apache.derby.security.SystemPermission;
-//import org.apache.derby.security.DatabasePermission;
+import org.apache.derby.security.DatabasePermission;
 
 import org.apache.derby.iapi.util.IdUtil;
 import org.apache.derby.iapi.error.StandardException;
@@ -51,12 +51,18 @@
 public class SystemPrivilegesPermissionTest extends BaseTestCase {
 
     /**
-     * This test's policy file.
+     * The policy file name for the subject authorization tests.
      */
     static private String POLICY_FILE_NAME
         = "org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy";
 
     /**
+     * The policy file name for the DatabasePermission API test.
+     */
+    static private String POLICY_FILE_NAME1
+        = "org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy";
+
+    /**
      * Some directory paths for testing DatabasePermissions.
      */
     static private final String[] dirPaths = {
@@ -151,19 +157,38 @@
      * @throws Exception
      */
     public static Test suite() {
-        TestSuite suite = new TestSuite(
-                SystemPrivilegesPermissionTest.class,
-                "SystemPrivilegesPermissionTest");
-        
-        if (SecurityManagerSetup.JVM_HAS_SUBJECT_AUTHORIZATION)
-        {
+        // this suite cannot be constructed with automatic test extraction
+        // (by passing a class argument); instead, the tests need to be added
+        // manually since some of them require their own policy file
+        TestSuite suite = new TestSuite("SystemPrivilegesPermissionTest");
+
+        // add API tests for the basic security framework classes
+        suite.addTest(
+            new SystemPrivilegesPermissionTest("testSystemPrincipal"));
+        suite.addTest(
+            new SystemPrivilegesPermissionTest("testSystemPermission"));
+        // the DatabasePermission test attempts to canonicalize various
+        // directory path names and requires an all-files-read-permission,
+        // which is not granted by default derby_tests.policy
+        suite.addTest(new SecurityManagerSetup(
+            new SystemPrivilegesPermissionTest("testDatabasePermission"),
+            POLICY_FILE_NAME1));
+
+        // add authorization tests for security permissions; requires
+        // class javax.security.auth.Subject, which is not available
+        // on all JVM platforms
+        if (SecurityManagerSetup.JVM_HAS_SUBJECT_AUTHORIZATION) {
+            suite.addTest(new SecurityManagerSetup(
+                new SystemPrivilegesPermissionTest("policyTestSystemPermissionGrants"),
+                     POLICY_FILE_NAME));
             suite.addTest(new SecurityManagerSetup(
-                new SystemPrivilegesPermissionTest("policyTestSystemGrants"),
-                POLICY_FILE_NAME));
+                new SystemPrivilegesPermissionTest("policyTestDatabasePermissionGrants"),
+                     POLICY_FILE_NAME));
         }
+
         return suite;
     }
-    
+
     /**
      * Tests SystemPrincipal.
      */
@@ -304,19 +329,21 @@
         }
     }
     
-    public void policyTestSystemGrants() {
-
-        // test SystemPermission for authorized user against policy file
-        
-        Permission shutdown = new SystemPermission(
+    /**
+     * Tests SystemPermissions against the Policy.
+     */
+    public void policyTestSystemPermissionGrants() {
+        final Permission shutdown
+            = new SystemPermission(
                 SystemPermission.SERVER,
                 SystemPermission.SHUTDOWN);
         
+        // test SystemPermission for authorized user
         final SystemPrincipal authorizedUser
             = new SystemPrincipal("authorizedSystemUser");
         execute(authorizedUser, new ShutdownAction(shutdown), true);
         
-        // test SystemPermission for unauthorized user against policy file
+        // test SystemPermission for unauthorized user
         final SystemPrincipal unAuthorizedUser
             = new SystemPrincipal("unAuthorizedSystemUser");
         execute(unAuthorizedUser, new ShutdownAction(shutdown), false);
@@ -324,10 +351,8 @@
     
     /**
      * Tests DatabasePermission.
-     */
-   
-    public void XXtestDatabasePermission() throws IOException {
- /*********************************************
+     */   
+    public void testDatabasePermission() throws IOException {
         // test DatabasePermission with null url
         try {
             new DatabasePermission(null, DatabasePermission.CREATE);
@@ -351,7 +376,6 @@
         } catch (IllegalArgumentException ex) {
             // expected exception
         }
-***********************************************/
         
         // this test's commented out because it's platform-dependent
         // (no reliable way to make it pass on Unix)
@@ -365,7 +389,7 @@
         //} catch (IOException ex) {
         //    // expected exception
         //}
-/**********************************************
+
         // test DatabasePermission with null actions
         try {
             new DatabasePermission("directory:dir", null);
@@ -484,9 +508,22 @@
         checkImplies(absDirPathPerms, inclPerms, allFalse);
         checkImplies(inclPerms, absDirPathAliasPerms, allTrue);
         checkImplies(absDirPathAliasPerms, inclPerms, allFalse);
+    }
+
+    /**
+     * Tests DatabasePermissions against the Policy.
+     */
+    public void policyTestDatabasePermissionGrants() throws IOException {
+        final DatabasePermission[] relDirPathPerms
+            = new DatabasePermission[relDirPaths.length];
+        for (int i = 0; i < relDirPaths.length; i++) {
+            relDirPathPerms[i]
+                = new DatabasePermission(relDirPaths[i],
+                                         DatabasePermission.CREATE);
+        }
 
         // test DatabasePermission for unauthorized, authorized, and
-        // all-authorized users against policy file
+        // all-authorized users
         final int[] singleLocPaths = { 2, 3, 6, 7 };
         final SystemPrincipal authorizedUser
             = new SystemPrincipal("authorizedSystemUser");
@@ -504,7 +541,7 @@
                     new CreateDatabaseAction(relDirPathPerms[j]), true);
         }
 
-        // test DatabasePermission for any user against policy file
+        // test DatabasePermission for any user
         final SystemPrincipal anyUser
             = new SystemPrincipal("anyUser");
         final DatabasePermission dbPerm
@@ -512,7 +549,6 @@
                                      DatabasePermission.CREATE);
         execute(anyUser,
                 new CreateDatabaseAction(dbPerm), true);
-***********************************************/
     }
 
     /**
@@ -544,7 +580,6 @@
     /**
      * Tests DatabasePermission.getName() and .getActions().
      */
-/************88
     private void checkNameAndActions(DatabasePermission[] dbperm,
                                      String[] dbpath)
         throws IOException {
@@ -557,7 +592,6 @@
                          DatabasePermission.CREATE, dbp.getActions());
         }
     }
-***************/
 
     /**
      * Tests DatabasePermission.hashCode() and .equals().
@@ -705,7 +739,7 @@
             return IdUtil.getUserAuthorizationId(name);
         } catch (StandardException se) {
             throw new IllegalArgumentException(se.getMessage());
-		}
+        }
     }
 
     /**

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
Fri May 30 10:59:28 2008
@@ -20,29 +20,11 @@
 //     when testing with networkserver on a remote host, this needs to be passed in 
 //     with the NetworkServerControl start command
 
-
-// Permissions required by System Privileges
-// We are liberal here and grant these permissions to all codebases
-// (it's not a goal to make the test harness or tests secure).
-// If that is of a concern, however, copy these permissions into sections
-//   ${derbyTesting.codejar}
-//   ${derbyTesting.codeclasses}
-grant {
-  // System Privileges need to run "doAsPrivileged".
-  permission javax.security.auth.AuthPermission "doAsPrivileged";
-
-  // System Privileges need to be allowed to resolve relative directory names,
-  // which requires a property-read permission.
-  permission java.util.PropertyPermission "user.dir", "read";
-
-  // System Privileges need to be allowed to canonicalize directory names,
-  // which requires file-read permission.
-  // Because this unit test involves some relative and absolute sample paths,
-  // we liberally grant read access to all files.
-  //permission java.io.FilePermission "${user.dir}${/}-", "read"; 
-  //permission java.io.FilePermission "${/}-", "read";
-  permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
+// PLEASE NOTE WHEN EDITING: This policy file is almost identical to
+//     SystemPrivilegesPermissionTest1.policy
+// except for the SystemPrincipal authorization grants.  The duplicity of
+// information cannot be avoided unless there's an automated generation of
+// policy files as proposed by DERBY-3547 (or a policy include mechanism).
 
 // Specific test authorizations for System Privileges
 grant principal org.apache.derby.authentication.SystemPrincipal "AUTHORIZEDSYSTEMUSER" {
@@ -65,7 +47,7 @@
 };
 
 //
-// Permissions for running the test on the jars files
+// Permissions for the tests (derbyTesting.jar)
 //
 grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
   // Allow tests to install and uninstall the security manager and
@@ -75,10 +57,31 @@
   permission java.security.SecurityPermission "getPolicy";
 
   // Allow setIO to change the system err and out streams
-  permission java.lang.RuntimePermission "setIO"; 
+  //permission java.lang.RuntimePermission "setIO"; 
 
-  // derbyTesting.junit.TestConfiguration... calls System.getProperties()
+  // derbyTesting.junit.TestConfiguration... modifies System properties
   permission java.util.PropertyPermission "*", "read,write";
+
+  // System Privileges test needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+};
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+  // System Privileges framework needs to run "doAsPrivileged"
+  //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to resolve relative directory names,
+  // which requires a property-read permission
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // System Privileges framework needs to canonicalize directory names,
+  // which requires file-read permission
+  // Because this unit test involves some relative and absolute sample paths,
+  // we liberally grant read access to all files.
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
 //
@@ -92,10 +95,26 @@
   permission java.security.SecurityPermission "getPolicy";
 
   // Allow setIO to change the system err and out streams
-  permission java.lang.RuntimePermission "setIO"; 
+  //permission java.lang.RuntimePermission "setIO"; 
 
-  // derbyTesting.junit.TestConfiguration... calls System.getProperties()
+  // derbyTesting.junit.TestConfiguration... modifies System properties
   permission java.util.PropertyPermission "*", "read,write";
+
+  // System Privileges test needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to run "doAsPrivileged"
+  //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to resolve relative directory names,
+  // which requires a property-read permission
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // System Privileges framework needs to canonicalize directory names,
+  // which requires file-read permission
+  // Because this unit test involves some relative and absolute sample paths,
+  // we liberally grant read access to all files.
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
 // JUnit jar file tries to read junit.properties in the user's
@@ -111,14 +130,6 @@
     permission java.io.FilePermission "${user.dir}${/}*", "write";
 };
 
-// Due to a problem running tests/derbynet/CompatibilityTest in the old test
-// harness, permission to read junit.properties is granted to all. This can be 
-// removed when CompatibilityTest is rewritten to conform to our current Junit
-// usage. See DERBY-2076.
-grant {
-    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
-};
-
 // Ant's junit runner requires setOut to redirect the System output streams
 // to the forked JVM used when running junit tests inside Ant. Ant requires
 // forking the JVM if you want to run tests in a different directory than the

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy?rev=661797&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
Fri May 30 10:59:28 2008
@@ -0,0 +1,122 @@
+// Policy file with minimal set of permissions to run unit test for
+// Derby System Privileges (DERBY-2109).
+//
+// The test harness sets up four variables used by this policy file
+//
+// derbyTesting.codejar - URL to the jar files when they are in the classpath
+// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
+//
+// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
+// other will be set to a bogus URL like file://unused
+//
+// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
+// Only required due to a BUG (see below for more info).
+//
+// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation
+//     for XML-based tests (ex. lang/XMLBindingTest.java).
+//
+// derbyTesting.serverhost - Host name or ip where network server is started 
+// derbyTesting.clienthost - specifies the clients ip address/hostName. 
+//     when testing with networkserver on a remote host, this needs to be passed in 
+//     with the NetworkServerControl start command
+
+// PLEASE NOTE WHEN EDITING: This policy file is almost identical to
+//     SystemPrivilegesPermissionTest.policy
+// except for the SystemPrincipal authorization grants.  The duplicity of
+// information cannot be avoided unless there's an automated generation of
+// policy files as proposed by DERBY-3547 (or a policy include mechanism).
+
+//
+// Permissions for the tests (derbyTesting.jar)
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Allow tests to install and uninstall the security manager and
+  // to refresh the policy
+  permission java.util.PropertyPermission "java.security.policy", "read,write";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+
+  // Allow setIO to change the system err and out streams
+  //permission java.lang.RuntimePermission "setIO"; 
+
+  // derbyTesting.junit.TestConfiguration... modifies System properties
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // System Privileges test needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+};
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+  // System Privileges framework needs to run "doAsPrivileged"
+  //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to resolve relative directory names,
+  // which requires a property-read permission
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // System Privileges framework needs to canonicalize directory names,
+  // which requires file-read permission
+  // Because this unit test involves some relative and absolute sample paths,
+  // we liberally grant read access to all files.
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+//
+// Permissions for running the test on the class files
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+  // Allow tests to install and uninstall the security manager and
+  // to refresh the policy
+  permission java.util.PropertyPermission "java.security.policy", "read,write";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+
+  // Allow setIO to change the system err and out streams
+  //permission java.lang.RuntimePermission "setIO"; 
+
+  // derbyTesting.junit.TestConfiguration... modifies System properties
+  permission java.util.PropertyPermission "*", "read,write";
+
+  // System Privileges test needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to run "doAsPrivileged"
+  //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // System Privileges framework needs to resolve relative directory names,
+  // which requires a property-read permission
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // System Privileges framework needs to canonicalize directory names,
+  // which requires file-read permission
+  // Because this unit test involves some relative and absolute sample paths,
+  // we liberally grant read access to all files.
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+    permission java.util.PropertyPermission "user.home", "read";
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+    permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+    
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+    permission java.lang.RuntimePermission "setIO";
+    
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+};

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message