db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "AnalyzingSecurityManagerIssues" by MyrnavanLunteren
Date Tue, 05 Nov 2013 22:54:13 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The "AnalyzingSecurityManagerIssues" page has been changed by MyrnavanLunteren:
https://wiki.apache.org/db-derby/AnalyzingSecurityManagerIssues

New page:
= How to analyze a Security Manager Issue =
== Introduction ==
Java has the concept of Security Manager. You can read up on this here: http://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html,
and for more detail: http://docs.oracle.com/javase/7/docs/technotes/guides/security/ and http://www.oracle.com/technetwork/java/seccodeguide-139067.html

In simple terms, running under SecurityManager involves the following aspects:

 * Policy File

 . The Policy File is a File which specifies what ''Permissions ''are ''grant''ed  to individual
classes, jar files, or groups of these. The files can be  called anything but are typically
having the extension .policy.

 . For example, the derby tests run with a policy file  (java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy)
 which grants quite extensive permissions. Other tests add more specific  permissions.

 . There are also default policy files for network server  ('(java/drda/)org/apache/derby/drda/template.policy',
 (java/drda/)org/apache/derby/drda/server.policy') which grant basic  permissions so network
server can do its work.

 . At the most extensive, a policy file looks like this (not a good thing in production, but
might be useful sometimes)

{{{
// default permissions granted to all domains
grant {
    permission java.security.AllPermission
};
}}}
 * Privileged Block

 . A section of code which, when running under SecurityManager, requires a  certain permission,
has to be wrapped in a 'Privileged Block'. For  instance, code that needs to check on a system
property, or read or  write to a file, would need this.

 . For examples of Privileged Block code, see: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/PrivilegedFileOpsForTests.java?revision=1537394&view=markup
or http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TimeZoneTestSetup.java?revision=1524579&view=markup

 * Running without SecurityManager

 . Unless you specify to run with security manager, you run java code without Security Manager.

 . Note that the Derby functional tests always run with security manager, as do many other
programs (such as tomcat).

 * Running with SecurityManager

 . To run with Security Manager, you either set the Security Manager in  the program (find
examples on line if you want to do this), or you start  the java program with the following:
-Djava.security.Manager  -Djava.security.policy=[path to previously created policyfile]

 * java.lang.SecurityException and java.security.AccessControlException

 . Code that should, but does not have permission, gets refused by the  SecurityManager, which
usually means you will get a  java.security.AccessControlException('Access denied'). See for
an  example of this https://issues.apache.org/jira/browse/DERBY-6349.

== Debugging a Security Issue ==
Typically an indication that you are dealing with a security manager  issue is that you get
an "access denied" error.  There are three types  of Security Manager issues you might encounter:

 * security manager issues where the customer application is at fault
 * security manager issues where the java class library is at fault
 * security manager issues where the derby code is at fault.

The first step to debugging a security manager issue is to determine  which class library
is at fault. First identify what java API call is  being made. For this you need the stack
trace from the Exception.

If it's the customer application, you're done, you just need to tell  them.  If it's a Java
class Library, you need to create a test case,  with a program and a policy file. If it's
a Derby problem, you need to  add a privileged block and/or adjust the policy files.

=== Example 1: Java Class Library ===
==== Step 1: Analyze the Stack Trace: ====

Mime
View raw message