Return-Path: Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: (qmail 67402 invoked from network); 8 May 2008 23:50:47 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 May 2008 23:50:47 -0000 Received: (qmail 62817 invoked by uid 500); 8 May 2008 23:50:49 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 62787 invoked by uid 500); 8 May 2008 23:50:49 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 62776 invoked by uid 99); 8 May 2008 23:50:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 May 2008 16:50:49 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 May 2008 23:50:02 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id DBFFB238899B; Thu, 8 May 2008 16:50:22 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r654656 - in /db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests: master/xaJNDI.out tests/jdbcapi/XAJNDITest.java tests/jdbcapi/XAJNDITest.policy tests/jdbcapi/xaJNDI.java Date: Thu, 08 May 2008 23:50:22 -0000 To: derby-commits@db.apache.org From: myrnavl@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080508235022.DBFFB238899B@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: myrnavl Date: Thu May 8 16:50:22 2008 New Revision: 654656 URL: http://svn.apache.org/viewvc?rev=654656&view=rev Log: DERBY-3659 ; convert xaJNDI to junit test XAJNDITest. Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java (with props) db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy (with props) Removed: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/xaJNDI.out db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/xaJNDI.java Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java?rev=654656&view=auto ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java (added) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java Thu May 8 16:50:22 2008 @@ -0,0 +1,232 @@ +package org.apache.derbyTesting.functionTests.tests.jdbcapi; + +import java.io.File; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Hashtable; + +import javax.naming.Context; +import javax.naming.NamingException; +import javax.naming.directory.InitialDirContext; +import javax.sql.XADataSource; + +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.derbyTesting.junit.BaseJDBCTestCase; +import org.apache.derbyTesting.junit.J2EEDataSource; +import org.apache.derbyTesting.junit.JDBC; +import org.apache.derbyTesting.junit.JDBCDataSource; +import org.apache.derbyTesting.junit.SecurityManagerSetup; +import org.apache.derbyTesting.junit.SupportFilesSetup; +import org.apache.derbyTesting.junit.TestConfiguration; + +public class XAJNDITest extends BaseJDBCTestCase { + private static String ldapServer; + private static String ldapPort; + private static String dnString; + private InitialDirContext ic = getInitialDirContext(); + + + //to create own policy file + private static String POLICY_FILE_NAME = + "functionTests/tests/jdbcapi/XAJNDITest.policy"; + private static String TARGET_POLICY_FILE_NAME = "derby_tests.policy"; + + public XAJNDITest(String name) { + super(name); + } + + public static Test suite() { + // the test requires XADataSource to run, so check for JDBC3 support + if (JDBC.vmSupportsJDBC3()) { + ldapServer=getSystemProperty("derbyTesting.ldapServer"); + if (ldapServer == null || ldapServer.length() < 1) + return new TestSuite("XAJNDITest requires property derbyTesting.ldapServer set, eg: -DderbyTesting.ldapServer=myldapserver.myorg.org"); + ldapPort=getSystemProperty("derbyTesting.ldapPort"); + if (ldapPort == null || ldapPort.length() < 1) + return new TestSuite("XAJNDITest requires property derbyTesting.ldapPort set, eg: -DderbyTesting.ldapPort=333"); + dnString=getSystemProperty("derbyTesting.dnString"); + if (dnString == null || dnString.length() < 1) + return new TestSuite("XAJNDITest requires property derbyTesting.dnString for setting o=, eg: -DderbyTesting.dnString=myJNDIstring"); + + Test test = decorateWithPolicy + (TestConfiguration.defaultSuite(XAJNDITest.class)); + return test; + } + return new TestSuite("XAJNDITest cannot run without XA support"); + } + + // grant ALL FILES execute, and getPolicy permissions, as well + // as resolve/connect for the ldap server identified with the property + private static Test decorateWithPolicy(Test test) { + String ldapPolicyName = new XAJNDITest("test").makeServerPolicyName(); + // + // Install a security manager using the initial policy file. + // + test = new SecurityManagerSetup(test,ldapPolicyName ); + // Copy over the policy file we want to use. + // + test = new SupportFilesSetup( + test, null, new String[] {POLICY_FILE_NAME}, + null, new String[] {TARGET_POLICY_FILE_NAME} + ); + return test; + } + + + /** + * Construct the name of the server policy file. + */ + private String makeServerPolicyName() + { + try { + String userDir = getSystemProperty( "user.dir" ); + String fileName = userDir + File.separator + SupportFilesSetup.EXTINOUT + File.separator + TARGET_POLICY_FILE_NAME; + File file = new File( fileName ); + String urlString = file.toURL().toExternalForm(); + + return urlString; + } + catch (Exception e) + { + System.out.println( "Unexpected exception caught by makeServerPolicyName(): " + e ); + + return null; + } + } + + public void tearDown() throws Exception { + ldapServer=null; + ldapPort=null; + // need to hold on to dnString value and ic as the fixture runs + // twice (embedded & networkserver) and they're used inside it + POLICY_FILE_NAME=null; + TARGET_POLICY_FILE_NAME=null; + super.tearDown(); + } + + private InitialDirContext getInitialDirContext() + { + try { + Hashtable env = new Hashtable(); + env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + // using a property - these will have to be passed in somehow. + env.put(Context.PROVIDER_URL, "ldap://" + ldapServer + ":" + ldapPort); + env.put(Context.SECURITY_AUTHENTICATION, "simple"); + return new InitialDirContext(env); + } catch (NamingException ne) { + fail("naming exception "); + return null; + } + } + + public void testCompareXADataSourcewithJNDIDataSource() + throws Exception + { + XADataSource xads = J2EEDataSource.getXADataSource(); + String dbName = TestConfiguration.getCurrent().getDefaultDatabaseName(); + JDBCDataSource.setBeanProperty(xads, "databaseName", dbName); + JDBCDataSource.setBeanProperty(xads, "createDatabase", "create"); + JDBCDataSource.setBeanProperty(xads, "description", "XA DataSource"); + + ic.rebind("cn=compareDS, o=" + dnString, xads); + javax.sql.XADataSource ads = + (javax.sql.XADataSource)ic.lookup("cn=compareDS, o=" + dnString); + // At this point, the directly created xads should be matching the looked up one. + if (usingEmbedded()) + { + assertEquals(xads, ads); + } + else + { + // DERBY-3669; with DerbyNetClient, the original and looked-up + // xadatasource are not the same...So, compare piece by piece: + // When fixed, rest of else can be replaced by uncommenting + // next line + //assertEquals(xads,ads); + String[] orgprops = getPropertyBeanList(xads); + String[] bindprops = getPropertyBeanList(ads); + assertEquals(orgprops.length, bindprops.length); + // following is actually checked in DataSourceReferenceTest + for (int i=0;i password + // getRetrieveMessageText -> retrieveMessageText + String beanName = methodName.substring(3,4).toLowerCase() + + methodName.substring(4); + + properties.add(beanName); + } else { + assertFalse("Method '" + methodName + "' with primitive " + + "return type not supported - update test!!", + rt.isPrimitive()); + } + } + return (String[])properties.toArray(new String[properties.size()]); + } +} \ No newline at end of file Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.java ------------------------------------------------------------------------------ svn:eol-style = native Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy?rev=654656&view=auto ============================================================================== --- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy (added) +++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy Thu May 8 16:50:22 2008 @@ -0,0 +1,363 @@ +// +// * Derby - Class org.apache.derbyTesting.functionTests.tests.lang.SimpleTest +// * +// * Licensed to the Apache Software Foundation (ASF) under one +// * or more contributor license agreements. See the NOTICE file +// * distributed with this work for additional information +// * regarding copyright ownership. The ASF licenses this file +// * to you under the Apache License, Version 2.0 (the +// * "License"); you may not use this file except in compliance +// * with the License. You may obtain a copy of the License at +// * +// * http://www.apache.org/licenses/LICENSE-2.0 +// * +// * Unless required by applicable law or agreed to in writing, +// * software distributed under the License is distributed on an +// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// * KIND, either express or implied. See the License for the +// * specific language governing permissions and limitations +// * under the License. +// * + +// +// Policy file with minimal set of permissions to run derby's +// functional tests. +// +// The test harness sets up four variables used by this policy file +// +// derbyTesting.codejar - URL to the jar files when they are in the classpath +// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath +// +// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the +// other will be set to a bogus URL like file://unused +// +// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses. +// Only required due to a BUG (see below for more info). +// +// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation +// for XML-based tests (ex. lang/XMLBindingTest.java). +// +// derbyTesting.serverhost - Host name or ip where network server is started +// derbyTesting.clienthost - specifies the clients ip address/hostName. +// when testing with networkserver on a remote host, this needs to be passed in +// with the NetworkServerControl start command + +// +// Permissions for the embedded engine (derby.jar) +// +grant codeBase "${derbyTesting.codejar}derby.jar" { + permission java.util.PropertyPermission "derby.*", "read"; +permission java.util.PropertyPermission "derby.storage.jvmInstanceId", + "write"; + permission java.util.PropertyPermission "java.class.path", "read";//sysinfo + + // unit tests (e.g. store/T_RecoverFullLog) set this property + // (called from derbyTesting.jar through code in derby.jar) + permission java.util.PropertyPermission "derbyTesting.unittest.*", "write"; + + permission java.lang.RuntimePermission "createClassLoader"; + permission java.security.SecurityPermission "getPolicy"; + + permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read"; + permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete"; + // [DERBY-2000] The write permission was added to allow creation of the + // derby.system.home directory when running tests under a security manager. + permission java.io.FilePermission "${derby.system.home}", "read, write"; + + // all databases under derby.system.home + permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete"; + + // Import/export and other support files from these locations in tests + permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read"; + permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete"; + permission java.io.FilePermission "${user.dir}${/}extout${/}-", "read,write"; + permission java.io.FilePermission "${user.dir}${/}extinout", "read,write"; + + // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131. + // JDK14 has the JCE preloaded + permission java.security.SecurityPermission "insertProvider.SunJCE"; + permission java.security.SecurityPermission "insertProvider.IBMJCE"; + +// +// Permissions needed for JMX based management and monitoring, which is only +// available for JVMs supporting "platform management", that is J2SE 5.0 or better. +// +// Allows this code to create an MBeanServer: +// + permission javax.management.MBeanServerPermission "createMBeanServer"; +// +// Allows access to Derby's built-in MBeans, within the domain org.apache.derby. +// Derby must be allowed to register and unregister these MBeans. +// To fine tune this permission, see the javadoc of javax.management.MBeanPermission +// or the JMX Instrumentation and Agent Specification. +// + permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean"; +// +// Trusts Derby code to be a source of MBeans and to register these in the MBean server. +// + permission javax.management.MBeanTrustPermission "register"; + + // Gives permission for jmx to be used against Derby but + // only if JMX authentication is not being used. + // In that case the application would need to create + // a whole set of fine-grained permissions to allow specific + // users access to MBeans and actions they perform. + permission org.apache.derby.security.SystemPermission "jmx", "control"; + permission org.apache.derby.security.SystemPermission "engine", "monitor"; + permission org.apache.derby.security.SystemPermission "server", "monitor"; + + // These permissions are needed when testing code instrumented with EMMA. + // They will only be used if the emma.active system property property is set, + // which should be set to "" for the permissions to be correct. + permission java.util.PropertyPermission "${emma.active}user.dir", "read"; + permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read, write"; + permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor"; +}; + +// +// Permissions for the network server (derbynet.jar) +// +grant codeBase "${derbyTesting.codejar}derbynet.jar" { + permission java.util.PropertyPermission "java.class.path", "read";//sysinfo + + // accept is needed for the server accepting connections + // connect is needed for ping command (which is in the server jar) + permission java.net.SocketPermission "127.0.0.1", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; + permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; + + // Needed for NetworkServerMBean access (see JMX section above) + permission org.apache.derby.security.SystemPermission "server", "control,monitor"; + +}; + +// +// Permissions for the network client (derbyclient.jar) +// +grant codeBase "${derbyTesting.clientjar}derbyclient.jar" { + permission java.net.SocketPermission "127.0.0.1", "connect,resolve"; + permission java.net.SocketPermission "localhost", "connect,resolve"; + permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; + + // DERBY-1883: Since some classes that are included in both derby.jar and + // derbyclient.jar read properties, derbyclient.jar needs permission to read + // derby.* properties to avoid failures when it is listed before derby.jar in + // the classpath. + permission java.util.PropertyPermission "derby.*", "read"; + + // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to + // do tracing in that directory. Also, it needs read/write permissions in user.dir in order + // to create the trace files in that directory. + permission java.util.PropertyPermission "user.dir", "read"; + permission java.io.FilePermission "${user.dir}${/}-", "read, write"; +}; + +// +// Permissions for the tools (derbytools.jar) +// Ideally this would be more secure, for now the +// focus is on getting the engine & network server secure. +// +grant codeBase "${derbyTesting.codejar}derbytools.jar" { + // Access all properties using System.getProperties - + // ij enumerates the properties in order to open connections + // for any property set in ij.connection.* and set protocols + // for any property in ij.protocol.* + permission java.util.PropertyPermission "*", "read, write"; + + // Read all files under ${user.dir} + permission java.io.FilePermission "${user.dir}${/}-", "read"; + + // IjTestCases read, write, and delete ij's output in the extinout dir + permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete"; + + // ij needs permission to read the sql files in this jar + permission java.io.FilePermission "${derbyTesting.testjarpath}", "read"; +}; + +// +// Permissions for the tests (derbyTesting.jar) +// We are liberal here, it's not a goal to make the test harness +// or tests secure. +// +grant codeBase "${derbyTesting.testjar}derbyTesting.jar" { + // Access all properties using System.getProperties + permission java.util.PropertyPermission "*", "read, write"; + + // Access all files under ${user.dir}to write the test directory structure + permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; + + // When running with useprocess=false need to install and uninstall + // the security manager and allow setIO to change the system err and out + // streams. Currently the nist suite runs with useprocess=false. + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.security.SecurityPermission "getPolicy"; + permission java.lang.RuntimePermission "setIO"; + + // These permissions are needed by stress.multi to dump the thread stack + // traces upon failure. + permission java.lang.RuntimePermission "getStackTrace"; + permission java.lang.RuntimePermission "modifyThreadGroup"; + + // Allow MBeanTest to register the application management MBean. + permission javax.management.MBeanServerPermission "createMBeanServer"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate"; + permission javax.management.MBeanTrustPermission "register"; + + // And to find and use Derby's MBeans + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo"; + permission javax.management.MBeanPermission "-#-[-]", "queryNames"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames"; + + // Test code needs this as well for the platform MBeanServer + // tests where the testing code is in the stack frame. + permission org.apache.derby.security.SystemPermission "jmx", "control"; + permission org.apache.derby.security.SystemPermission "engine", "monitor"; + permission org.apache.derby.security.SystemPermission "server", "control,monitor"; + + // These permissions are needed when testing code instrumented with EMMA. + permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor"; + + // resolve is needed to run ldap related tests + permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"; +}; + +// +// super-set of the jar permissions for running out of the classes directory +// +grant codeBase "${derbyTesting.codeclasses}" { + // Access all properties using System.getProperties + permission java.util.PropertyPermission "*", "read, write"; + + permission java.util.PropertyPermission "derby.*", "read"; + permission java.lang.RuntimePermission "createClassLoader"; + permission java.security.SecurityPermission "getPolicy"; + + permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read"; + permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete"; + permission java.io.FilePermission "${derby.system.home}", "read"; + permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete"; + + // combination of client and server side. + permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; + permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; + + // resolve is needed to run ldap related tests + permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"; + + // Access all files under ${user.dir}to write the test directory structure + // Also covers extin, extout and extinout locations + permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; + + // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131. + // JDK14 has the JCE preloaded + permission java.security.SecurityPermission "insertProvider.SunJCE"; + permission java.security.SecurityPermission "insertProvider.IBMJCE"; + + // When running with useprocess=false need to install and uninstall + // the security manager and allow setIO to change the system err and out + // streams. Currently the nist suite runs with useprocess=false. + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.lang.RuntimePermission "setIO"; + + // These permissions are needed by stress.multi to dump the thread stack + // traces upon failure. + permission java.lang.RuntimePermission "getStackTrace"; + permission java.lang.RuntimePermission "modifyThreadGroup"; + + // Allow MBeanTest to register the application management MBean. + permission javax.management.MBeanServerPermission "createMBeanServer"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate"; + permission javax.management.MBeanTrustPermission "register"; + + // Allows access to Derby's built-in MBeans, within the domain org.apache.derby. + permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean"; + + + // And to find and use Derby's MBeans + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo"; + permission javax.management.MBeanPermission "-#-[-]", "queryNames"; + permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames"; + + // Test code needs this as well for the platform MBeanServer + // tests where the testing code is in the stack frame. + permission org.apache.derby.security.SystemPermission "jmx", "control"; + permission org.apache.derby.security.SystemPermission "engine", "monitor"; + permission org.apache.derby.security.SystemPermission "server", "control,monitor"; +}; + +// JUnit jar file tries to read junit.properties in the user's +// home directory and seems to require permission to read the +// property user.home as well. +// junit.swingui.TestRunner writes to .junitsession on exit. +grant codeBase "${derbyTesting.junit}" { + permission java.util.PropertyPermission "user.home", "read"; + permission java.io.FilePermission "${user.home}${/}junit.properties", "read"; + permission java.io.FilePermission "${user.home}${/}.junitsession", "write"; + + // This permission is needed when running the tests using ant 1.7 + permission java.io.FilePermission "${user.dir}${/}*", "write"; + + // These permissions are needed when testing code instrumented with EMMA. + permission java.util.PropertyPermission "${emma.active}user.dir", "read"; + permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read, write"; + permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor"; + + // resolve is needed to run ldap related tests + permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"; +}; + +// Due to a problem running tests/derbynet/CompatibilityTest in the old test +// harness, permission to read junit.properties is granted to all. This can be +// removed when CompatibilityTest is rewritten to conform to our current Junit +// usage. See DERBY-2076. +grant { + permission java.io.FilePermission "${user.home}${/}junit.properties", "read"; +}; + +// Ant's junit runner requires setOut to redirect the System output streams +// to the forked JVM used when running junit tests inside Ant. Ant requires +// forking the JVM if you want to run tests in a different directory than the +// current one. +grant codeBase "${derbyTesting.antjunit}" { + permission java.lang.RuntimePermission "setIO"; + + // This permission is needed when running the tests using ant 1.7 + permission java.io.FilePermission "${user.dir}${/}*", "write"; + + // These permissions are needed when testing code instrumented with EMMA. + permission java.util.PropertyPermission "${emma.active}user.dir", "read"; + permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read, write"; + permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor"; +}; + +// functionTests.tests.lang.RoutineSecurityTest requires this grant +// to check to see if permissions are granted through generated code +// through this mechanism. +grant { + permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read"; +}; + +// When inserting XML values that use external DTD's, the JAXP parser +// needs permission to read the DTD files. We assume that all DTD +// files will be copied to extin/ by whichever tests need them. So +// grant the JAXP parser permissions to read that directory. +grant codeBase "${derbyTesting.jaxpjar}" { + permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read"; +}; + + +// These permissions are needed when testing code instrumented with EMMA. +// They are all related to writing coverage statistics to a file that by default +// is named coverage.ec placed in the directory where the test is executed. +grant codeBase "${derbyTesting.emma}" { + permission java.util.PropertyPermission "user.dir", "read"; + permission java.io.FilePermission "${user.dir}${/}coverage.ec", "read, write"; + permission java.lang.RuntimePermission "writeFileDescriptor"; +}; Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XAJNDITest.policy ------------------------------------------------------------------------------ svn:eol-style = native