db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r1060509 - in /db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4: AbortTest.java _Suite.java copyfiles.ant noAbortPermission.policy
Date Tue, 18 Jan 2011 18:25:03 GMT
Author: rhillegas
Date: Tue Jan 18 18:25:03 2011
New Revision: 1060509

URL: http://svn.apache.org/viewvc?rev=1060509&view=rev
Log:
DERBY-4869: Add tests for Connection.abort(Executor): 1) no security manager, 2) security
manager but no permission granted.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java
  (with props)
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
  (with props)
Modified:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/_Suite.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/copyfiles.ant

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java?rev=1060509&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java
Tue Jan 18 18:25:03 2011
@@ -0,0 +1,236 @@
+/*
+
+   Derby - Class org.apache.derbyTesting.functionTests.tests.jdbc4.AbortTest
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+ */
+
+package org.apache.derbyTesting.functionTests.tests.jdbc4;
+
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.CleanDatabaseTestSetup;
+import org.apache.derbyTesting.junit.JDBC;
+import org.apache.derbyTesting.junit.SecurityManagerSetup;
+import org.apache.derbyTesting.junit.SupportFilesSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+import org.apache.derbyTesting.junit.JDBCDataSource;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * Tests for the new JDBC 4.1 Connection.abort(Executor) method. This
+ * class tests the affect of SecurityManagers on the method. A related
+ * test case can be found in ConnectionMethodsTest.
+ */
+public class AbortTest extends Wrapper41Test
+{
+    ///////////////////////////////////////////////////////////////////////
+    //
+    // CONSTANTS
+    //
+    ///////////////////////////////////////////////////////////////////////
+
+    ///////////////////////////////////////////////////////////////////////
+    //
+    // STATE
+    //
+    ///////////////////////////////////////////////////////////////////////
+
+    private boolean _hasSecurityManager;
+
+    ///////////////////////////////////////////////////////////////////////
+    //
+    // CONSTRUCTOR
+    //
+    ///////////////////////////////////////////////////////////////////////
+
+    public AbortTest(String name, boolean hasSecurityManager)
+    {
+        super(name);
+        
+        _hasSecurityManager = hasSecurityManager;
+    }
+
+    ///////////////////////////////////////////////////////////////////////
+    //
+    // JUnit BEHAVIOR
+    //
+    ///////////////////////////////////////////////////////////////////////
+
+    public static Test suite()
+    {
+        TestSuite suite = new TestSuite( "AbortTest" );
+
+        suite.addTest( baseSuite( true ) );
+        suite.addTest( baseSuite( false ) );
+
+        suite.addTest
+            (
+             TestConfiguration.clientServerDecorator
+             ( baseSuite( true ) )
+             );
+        suite.addTest
+            (
+             TestConfiguration.clientServerDecorator
+             ( baseSuite( false ) )
+             );
+        
+        return suite;
+    }
+
+    public static Test baseSuite( boolean hasSecurityManager )
+    {
+        AbortTest   abortTest = new AbortTest( "test_basic", hasSecurityManager );
+        
+        Test test = new CleanDatabaseTestSetup( abortTest )
+            {
+                protected void decorateSQL( Statement s ) throws SQLException
+                {
+                    s.execute("create table abort_table( a int )");
+                }
+            };
+
+        if ( hasSecurityManager )
+        {
+            return new SecurityManagerSetup( test, "org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy"
);
+        }
+        else
+        {
+            return SecurityManagerSetup.noSecurityManager( test );
+        }
+    }
+    
+    
+    ///////////////////////////////////////////////////////////////////////
+    //
+    // TESTS
+    //
+    ///////////////////////////////////////////////////////////////////////
+
+    /**
+     * <p>
+     * Test Connection.abort(Executor) with and without a security manager.
+     * </p>
+     */
+    public  void    test_basic() throws Exception
+    {
+        //
+        // Only run if we can grant permissions to the jar files.
+        //
+        if ( !TestConfiguration.loadingFromJars() ) { return; }
+
+        println( "AbortTest( " + _hasSecurityManager + " )" );
+        assertEquals( _hasSecurityManager, (System.getSecurityManager() != null) );
+
+        // NOP if called on a closed connection
+        Connection conn0 = openUserConnection( "user0");
+        conn0.close();
+        Wrapper41Conn   wrapper0 = new Wrapper41Conn( conn0 );
+        wrapper0.abort( new ConnectionMethodsTest.DirectExecutor() );
+
+        Connection conn1 = openUserConnection( "user1");
+        conn1.setAutoCommit( false );
+        final   Wrapper41Conn   wrapper1 = new Wrapper41Conn( conn1 );
+
+        // the Executor may not be null
+        try {
+            wrapper1.abort( null );
+        }
+        catch (SQLException se)
+        {
+            assertSQLState( "XCZ02", se );
+        }
+
+        if ( _hasSecurityManager ) { missingPermission( wrapper1 ); }
+        else { noSecurityManager( wrapper1 ); }
+    }
+
+    // Run if we have a security manager. This tests that abort() fails
+    // if the caller has not been granted the correct permission.
+    private void    missingPermission( final Wrapper41Conn wrapper1 ) throws Exception
+    {
+        // should not be able to abort the connection because this code
+        // lacks the permission
+        try {
+            //
+            // This doPrivileged block absolves outer code blocks (like JUnit)
+            // of the need to be granted SQLPermission( "callAbort" ). However,
+            // derbyTesting.jar still needs that permission.
+            //
+            AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object    run() throws Exception
+                     {
+                         ConnectionMethodsTest.DirectExecutor  executor = new ConnectionMethodsTest.DirectExecutor();
+                         wrapper1.abort( executor );
+                         return null;
+                     }
+                 }
+                 );
+            fail( "The call to Connection.abort(Executor) should have failed." );
+        }
+        catch (Exception e)
+        {
+            assertTrue( e instanceof AccessControlException );
+        }
+    }
+
+    // Run if we don't have a security manager. Verifies that abort() is uncontrolled
+    // in that situation.
+    private void    noSecurityManager(  final Wrapper41Conn wrapper1  ) throws Exception
+    {
+        PreparedStatement   ps = prepareStatement
+            ( wrapper1.getWrappedObject(), "insert into app.abort_table( a ) values ( 1 )"
);
+        ps.execute();
+        ps.close();
+
+        // abort the connection
+        ConnectionMethodsTest.DirectExecutor  executor = new ConnectionMethodsTest.DirectExecutor();
+        wrapper1.abort( executor );
+
+        // verify that the connection is closed
+        try {
+            prepareStatement( wrapper1.getWrappedObject(), "select * from sys.systables"
);
+            fail( "Connection should be dead!" );
+        }
+        catch (SQLException se)
+        {
+            assertSQLState( "08003", se );
+        }
+
+        // verify that the changes were rolled back
+        Connection conn2 = openUserConnection( "user2");
+        ps = prepareStatement( conn2, "select * from app.abort_table" );
+        ResultSet   rs = ps.executeQuery();
+        assertFalse( rs.next() );
+        rs.close();
+        ps.close();
+        conn2.close();
+    }
+
+}

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/AbortTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/_Suite.java?rev=1060509&r1=1060508&r2=1060509&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/_Suite.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/_Suite.java
Tue Jan 18 18:25:03 2011
@@ -75,6 +75,7 @@ public class _Suite extends BaseTestCase
         suite.addTest (JDBC4FromJDBC3DataSourceTest.suite());
         suite.addTest(Derby3650Test.suite());
         suite.addTest(Derby2017LayerBTest.suite());
+        suite.addTest(AbortTest.suite());
 		
 		return suite;
 	}

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/copyfiles.ant
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/copyfiles.ant?rev=1060509&r1=1060508&r2=1060509&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/copyfiles.ant
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/copyfiles.ant
Tue Jan 18 18:25:03 2011
@@ -1,2 +1,3 @@
 default_app.properties
 TestRowId_app.properties
+noAbortPermission.policy

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy?rev=1060509&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
Tue Jan 18 18:25:03 2011
@@ -0,0 +1,400 @@
+//
+// *  Derby - Class org.apache.derbyTesting.functionTests.util.derby_tests.policy
+// *  
+// * Licensed to the Apache Software Foundation (ASF) under one
+// * or more contributor license agreements.  See the NOTICE file
+// * distributed with this work for additional information
+// * regarding copyright ownership.  The ASF licenses this file
+// * to you under the Apache License, Version 2.0 (the
+// * "License"); you may not use this file except in compliance
+// * with the License.  You may obtain a copy of the License at
+// *
+// *   http://www.apache.org/licenses/LICENSE-2.0
+// *
+// * Unless required by applicable law or agreed to in writing,
+// * software distributed under the License is distributed on an
+// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// * KIND, either express or implied.  See the License for the
+// * specific language governing permissions and limitations
+// * under the License.
+// *
+
+//
+// Copy of derby_tests.policy except that the abort permission is
+// not granted to derbyTesting.jar.
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+      "write"; 
+  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+  permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
+  permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
+  
+  // unit tests (e.g. store/T_RecoverFullLog) set this property 
+  // (called from derbyTesting.jar through code in derby.jar)
+  permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";
+
+  permission java.lang.RuntimePermission "createClassLoader";
+
+  // getProtectionDomain is an optional permission needed for printing classpath
+  // information to derby.log
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
+  permission java.security.SecurityPermission "getPolicy";
+  
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+  // [DERBY-2000] The write permission was added to allow creation of the
+  // derby.system.home directory when running tests under a security manager.
+  permission java.io.FilePermission "${derby.system.home}", "read, write";
+  
+  // all databases under derby.system.home 
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+  // Import/export and other support files from these locations in tests
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,  write, delete";
+  permission java.io.FilePermission "${user.dir}${/}extout${/}-", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}extinout", "read,write";
+  
+  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+  // JDK14 has the JCE  preloaded
+  permission java.security.SecurityPermission "insertProvider.SunJCE";
+  permission java.security.SecurityPermission "insertProvider.IBMJCE";
+  
+//
+// Permissions needed for JMX based management and monitoring, which is only
+// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
+//
+// Allows this code to create an MBeanServer:
+//
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+//
+// Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
+// Derby must be allowed to register and unregister these MBeans.
+// To fine tune this permission, see the javadoc of javax.management.MBeanPermission
+// or the JMX Instrumentation and Agent Specification.
+//
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
+//
+// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
+//
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for jmx to be used against Derby but
+  // only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";  
+ 
+  // These permissions are needed when testing code instrumented with EMMA.
+  // They will only be used if the emma.active system property property is set,
+  // which should be set to "" for the permissions to be correct.
+  permission java.util.PropertyPermission "${emma.active}user.dir", "read";
+  permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read, write";
+  permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+  
+  // These permissions are needed by AssertFailure to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+
+  // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
+  permission java.sql.SQLPermission "callAbort";
+};
+
+//
+// Permissions for the network server (derbynet.jar)
+//
+grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+  permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
+  permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
+  
+  // accept is needed for the server accepting connections
+  // connect is needed for ping command (which is in the server jar)
+  permission java.net.SocketPermission "127.0.0.1", "accept,connect";
+  permission java.net.SocketPermission "localhost", "accept,connect";
+  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+  // Need to be able to write to trace file for NetworkServerControlApiTest
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace", "write"; 
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; 
+    // Needed for NetworkServerMBean access (see JMX section above)
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+  
+};
+
+//
+// Permissions for the network client (derbyclient.jar)
+//
+grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
+  permission java.net.SocketPermission "localhost", "connect,resolve";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+  // DERBY-1883: Since some classes that are included in both derby.jar and
+  // derbyclient.jar read properties, derbyclient.jar needs permission to read
+  // derby.* properties to avoid failures when it is listed before derby.jar in
+  // the classpath.
+  permission java.util.PropertyPermission "derby.*", "read";
+
+  // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order
to
+  // do tracing in that directory. Also, it needs read/write permissions in user.dir in order
+  // to create the trace files in that directory.
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission java.io.FilePermission "${user.dir}${/}-", "read, write"; 
+  
+  // These permissions are needed by AssertFailure to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+
+  // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
+  permission java.sql.SQLPermission "callAbort";
+  
+};
+
+//
+// Permissions for the tools (derbytools.jar)
+// Ideally this would be more secure, for now the
+// focus is on getting the engine & network server secure.
+//
+grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+  // Access all properties using System.getProperties -
+  // ij enumerates the properties in order to open connections
+  // for any property set in ij.connection.* and set protocols
+  // for any property in ij.protocol.*
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  // Read all files under ${user.dir}
+  permission java.io.FilePermission "${user.dir}${/}-", "read";
+  
+  // IjTestCases read, write, and delete ij's output in the extinout dir
+  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete";
+ 
+  // ij needs permission to read the sql files in this jar
+  permission java.io.FilePermission "${derbyTesting.testjarpath}", "read";
+  
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+// We are liberal here, it's not a goal to make the test harness
+// or tests secure.
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Access all properties using System.getProperties
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  // Access all files under ${user.dir}to write the test directory structure
+  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+  permission java.lang.RuntimePermission "setIO";  
+
+  // These permissions are needed to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  
+  // Allow MBeanTest to register the application management MBean.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]",
"instantiate";
+  permission javax.management.MBeanTrustPermission "register";
+   
+  // And to find and use Derby's MBeans
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]",
"getAttribute,invoke";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"getMBeanInfo";
+  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"queryNames";
+  
+  // Test code needs this as well for the platform MBeanServer
+  // tests where the testing code is in the stack frame.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // useful for debugging
+  //permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // Remove this permission so that we can test the case of
+  // applications which have not been granted the privilege to
+  // abort physical connections.
+  //permission java.sql.SQLPermission "callAbort";
+  
+  // These permissions are needed when testing code instrumented with EMMA.
+  permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+};
+
+//
+// super-set of the jar permissions for running out of the classes directory
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+  // Access all properties using System.getProperties
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.lang.RuntimePermission "createClassLoader";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
+  permission java.security.SecurityPermission "getPolicy";
+   
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+  permission java.io.FilePermission "${derby.system.home}", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+  // combination of client and server side.
+  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
+  permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+  
+  // Access all files under ${user.dir}to write the test directory structure
+  // Also covers extin, extout and extinout locations
+  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
+    
+  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+  // JDK14 has the JCE  preloaded
+  permission java.security.SecurityPermission "insertProvider.SunJCE";
+  permission java.security.SecurityPermission "insertProvider.IBMJCE";
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.lang.RuntimePermission "setIO"; 
+
+  // These permissions are needed by stress.multi to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  
+    // Allow MBeanTest to register the application management MBean.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]",
"instantiate";
+  permission javax.management.MBeanTrustPermission "register";
+  
+  // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
+  
+   
+  // And to find and use Derby's MBeans
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]",
"getAttribute,invoke";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"getMBeanInfo";
+  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"queryNames";
+  
+  // Test code needs this as well for the platform MBeanServer
+  // tests where the testing code is in the stack frame.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+    permission java.util.PropertyPermission "user.home", "read";
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+    permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+  
+    // These permissions are needed when testing code instrumented with EMMA.
+    permission java.util.PropertyPermission "${emma.active}user.dir", "read";
+    permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read,
write";
+    permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+};
+
+// Due to a problem running tests/derbynet/CompatibilityTest in the old test
+// harness, permission to read junit.properties is granted to all. This can be 
+// removed when CompatibilityTest is rewritten to conform to our current Junit
+// usage. See DERBY-2076.
+grant {
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+    permission java.lang.RuntimePermission "setIO";
+
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+
+    // These permissions are needed when testing code instrumented with EMMA.
+    permission java.util.PropertyPermission "${emma.active}user.dir", "read";
+    permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read,
write";
+    permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+};
+
+// functionTests.tests.lang.RoutineSecurityTest requires this grant
+// to check to see if permissions are granted through generated code
+// through this mechanism.
+grant {
+    permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read";
+};
+
+// When inserting XML values that use external DTD's, the JAXP parser
+// needs permission to read the DTD files.  We assume that all DTD
+// files will be copied to extin/ by whichever tests need them.  So
+// grant the JAXP parser permissions to read that directory.
+grant codeBase "${derbyTesting.jaxpjar}" {
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+};
+
+
+// These permissions are needed when testing code instrumented with EMMA.
+// They are all related to writing coverage statistics to a file that by default
+// is named coverage.ec placed in the directory where the test is executed.
+grant codeBase "${derbyTesting.emma}" {
+    permission java.util.PropertyPermission "user.dir", "read";
+    permission java.io.FilePermission "${user.dir}${/}coverage.ec", "read, write";
+    permission java.lang.RuntimePermission "writeFileDescriptor";
+};
+
+// Permissions for package-private tests run from 'classes.pptesting'
+grant codeBase "${derbyTesting.ppcodeclasses}" {
+
+  // Needed for ProtocolTest - allows connection to a server
+  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
+  permission java.net.SocketPermission "localhost", "connect,resolve";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+  // Allows reading support files in 'extin'
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+};

Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message