db-derby-commits mailing list archives

From d..@apache.org
Subject svn commit: r1609717 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/services/monitor/ engine/org/apache/derby/loc/ shared/org/apache/derby/shared/common/reference/ testing/org/apache/derbyTesting/unitTests/junit/
Date Fri, 11 Jul 2014 14:41:30 GMT
Author: dag
Date: Fri Jul 11 14:41:29 2014
New Revision: 1609717

URL: http://svn.apache.org/r1609717
Log:
DERBY-6617 Silently swallowed SecurityExceptions may disable Derby features, including security
features.

Patch derby-6617-2. With reference to the list of issues mentioned in the JIRA, the following
"silent swallows" are addressed with this patch:

* FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157

These are not addressed in code yet:

  BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
  BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
  FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89

A new test (MissingPermissionsTest) has been added to verify that we
get errors in either derby.log or on the console's standard error
(depending on what's possible) if we see a SecurityException in the
former "silent" swallow location.

In the case of FileMonitor line 157, the boot fails so we show the
error on the console (i.e. standard error). In order for that to
happen, we added a flushing of the temporary in-memory error log,
cf. added call to dumpTempWriter if we fail BaseMonitor#initialize in
console.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
    db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java?rev=1609717&r1=1609716&r2=1609717&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
Fri Jul 11 14:41:29 2014
@@ -245,8 +245,10 @@ abstract class BaseMonitor
 		logging = log;
 
 		// false indicates the full monitor is required, not the lite.
-		if (!initialize(false))
-			return;
+        if (!initialize(false)) {
+            dumpTempWriter(true);
+            return;
+        }
 
 		// if monitor is already set then the system is already
 		// booted or in the process of booting or shutting down.
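Review bot: The bare `true` passed to `dumpTempWriter` on the new early-return path does not say what it selects, and the reason for dumping here is recorded only in the commit log. A short why-comment above the call would keep that with the code, e.g. `// Boot failed before the error log was available: flush the buffered startup messages so the failure is visible.` The added lines are also indented with spaces while the surrounding context lines use tabs. The enclosing method starts and ends outside this hunk.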

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java?rev=1609717&r1=1609716&r2=1609717&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
Fri Jul 11 14:41:29 2014
@@ -29,11 +29,15 @@ import java.io.PrintWriter;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Properties;
 import org.apache.derby.iapi.reference.Property;
+import org.apache.derby.iapi.services.i18n.MessageService;
 import org.apache.derby.iapi.services.info.ProductGenusNames;
 import org.apache.derby.iapi.services.info.ProductVersionHolder;
 import org.apache.derby.iapi.services.io.FileUtil;
+import org.apache.derby.shared.common.reference.MessageId;
 
 /**
 	Implementation of the monitor that uses the class loader
@@ -119,6 +123,7 @@ public final class FileMonitor extends B
 			systemHome = System.getProperty(Property.SYSTEM_HOME_PROPERTY);
 		} catch (SecurityException se) {
 			// system home will be the current directory
+            report(se, Property.SYSTEM_HOME_PROPERTY);
 			systemHome = null;
 		}
 
@@ -155,6 +160,7 @@ public final class FileMonitor extends B
                         FileUtil.limitAccessToOwner(home);
                     }
 				} catch (SecurityException se) {
+                    report(se, home);
 					return false;
                 } catch (IOException ioe) {
                     return false;
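Review bot: The `catch (IOException ioe)` branch right after the new `report(se, home)` still returns `false` without recording anything, so a boot that fails there is as silent as the SecurityException case was before this commit. Now that a failed initialize flushes the buffered messages, an equivalent report call for the I/O failure would make both failure paths visible; it needs its own message text, since M009 names a security exception. The enclosing method starts and ends outside this hunk.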
@@ -181,10 +187,41 @@ public final class FileMonitor extends B
 			// SECURITY PERMISSION - OP1
 			return System.getProperty(key);
 		} catch (SecurityException se) {
+            report(se, key);
 			return null;
 		}
 	}
 
+
+    private final static Map<String, Void> securityProperties =
+            new HashMap<String, Void>();
+    static {
+        securityProperties.put("derby.authentication.builtin.algorithm", null);
+        securityProperties.put("derby.authentication.provider", null);
+        securityProperties.put("derby.database.fullAccessUsers", null);
+        securityProperties.put("derby.database.readOnlyAccessUsers", null);
+        securityProperties.put("derby.database.sqlAuthorization", null);
+        securityProperties.put("derby.connection.requireAuthentication", null);
+        securityProperties.put("derby.database.defaultConnectionMode", null);
+        securityProperties.put("derby.storage.useDefaultFilePermissions", null);
+        securityProperties.put(Property.SYSTEM_HOME_PROPERTY, null);
+    };
+
+    private void report(SecurityException e, String key) {
+         if (securityProperties.containsKey(key)) {
+            report(MessageService.getTextMessage(
+                MessageId.CANNOT_READ_SECURITY_PROPERTY, key, e.toString()));
+         }
+    }
+
+    private void report(SecurityException e, File file) {
+        report(MessageService.getTextMessage(
+                MessageId.CANNOT_CREATE_FILE_OR_DIRECTORY,
+                file.toString(),
+                e.toString()));
+    }
+
+
 	/*
 	** Priv block code, moved out of the old Java2 version.
 	*/
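Review bot: The filter in `report(SecurityException, String)` is an exact-key lookup, so a denied read of any property outside the nine listed names is still swallowed without a message; per-user entries such as the `derby.user.APP` property set in MissingPermissionsTest can never match. If PBgetJVMProperty is also reached for such keys (not visible in this hunk), a prefix test such as `key.startsWith("derby.user.")` next to `containsKey` would cover them. Separately, `Map<String, Void>` with null values is standing in for a set; a `Set<String>` wrapped in `Collections.unmodifiableSet` states the intent and keeps the static table read-only, and the stray `;` after the static initializer can go.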

Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?rev=1609717&r1=1609716&r2=1609717&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Fri Jul 11 14:41:29
2014
@@ -8861,6 +8861,22 @@ page id:            {0}
             </msg>
 
             <msg>
+                <name>M008</name>
+                <text>WARNING: the property {0} could not be read due to a security
exception: {1}. This could pose a security risk.
+                </text>
+                <arg>propertyName</arg>
+                <arg>error</arg>
+            </msg>
+
+            <msg>
+                <name>M009</name>
+                <text>The file or directory {0} could not be created due to a security
exception: {1}.
+                </text>
+                <arg>fileName</arg>
+                <arg>error</arg>
+            </msg>
+
+            <msg>
                 <name>N001</name>
                 <text>This error is caused by the following error.</text>
             </msg>

Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java?rev=1609717&r1=1609716&r2=1609717&view=diff
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
(original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/MessageId.java
Fri Jul 11 14:41:29 2014
@@ -225,6 +225,12 @@ public interface MessageId {
     /** Tell user not to edit/delete any files in the seg directory. */
     String README_AT_SEG_LEVEL                               = "M007";
 
+    /**
+     * Could not read security related Derby properties when running under a
+     * security manager
+     */
+    String CANNOT_READ_SECURITY_PROPERTY                     = "M008";
+    String CANNOT_CREATE_FILE_OR_DIRECTORY                   = "M009";
     /*
      * Misc
      */
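Review bot: The new Javadoc block sits above `CANNOT_READ_SECURITY_PROPERTY` only, so `CANNOT_CREATE_FILE_OR_DIRECTORY` is left undocumented, unlike `README_AT_SEG_LEVEL` just above it. Add `/** Could not create a file or directory because of a security exception. */` above the M009 constant, and a blank line before the `Misc` comment to match the spacing used after M007. The interface body continues outside the hunk.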

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java?rev=1609717&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
Fri Jul 11 14:41:29 2014
@@ -0,0 +1,328 @@
+/*
+
+   Derby - Class org.apache.derbyTesting.unitTests.junit.MissingPermissionsTest
+
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+*/
+
+package org.apache.derbyTesting.unitTests.junit;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.sql.Connection;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+import static junit.framework.Assert.assertTrue;
+import junit.framework.Test;
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.BaseTestSuite;
+import org.apache.derbyTesting.junit.SecurityManagerSetup;
+import org.apache.derbyTesting.junit.SpawnedProcess;
+import org.apache.derbyTesting.junit.SupportFilesSetup;
+import org.apache.derbyTesting.junit.SystemPropertyTestSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+
+/**
+ * Test behavior when permissions are missing for:
+ * <ul>
+ *   <li>reading of system properties, see DERBY-6617</li>
+ *   <li>read, write access to create derby.system.home, see DERBY-6617</li>
+ * </ul>
+ * Note: requires English locale because the test asserts on localized
+ * strings.
+ */
+public class MissingPermissionsTest extends BaseJDBCTestCase {
+
+    private final static String AUTH_MSG =
+            "derby.connection.requireAuthentication";
+
+    private final static String SYSTEM_HOME = "derby.system.home";
+
+    private final static String resourcePrefix = "unitTests/junit/";
+    private final static String testPrefix =
+            "org/apache/derbyTesting/" + resourcePrefix;
+
+    private final static String OK_POLICY =
+            "MissingPermissionsTest.policy";
+    private final static String OK_POLICY_T =
+            testPrefix + OK_POLICY;
+
+    private final static String POLICY_MINUS_PROPERTYPERMISSION =
+            "MissingPermissionsTest1.policy";
+
+    private final static String POLICY_MINUS_PROPERTYPERMISSION_T =
+            testPrefix + POLICY_MINUS_PROPERTYPERMISSION;
+
+    private final static String POLICY_MINUS_FILEPERMISSION =
+            "MissingPermissionsTest2.policy";
+
+    private final static String POLICY_MINUS_FILEPERMISSION_T =
+            testPrefix + POLICY_MINUS_FILEPERMISSION;
+
+    private final static String POLICY_MINUS_FILEPERMISSION_R =
+            resourcePrefix + POLICY_MINUS_FILEPERMISSION;
+
+    private final int KIND_EXPECT_ERROR_MSG_PRESENT = 0;
+    private final int KIND_EXPECT_ERROR_MSG_ABSENT = 1;
+
+    public MissingPermissionsTest(String name) {
+        super(name);
+    }
+
+
+    private static Test makeTest(String fixture, String policy) {
+        Test t =  new MissingPermissionsTest(fixture);
+        t = new SecurityManagerSetup(t, policy);
+        final Properties props = new Properties();
+        props.setProperty("derby.connection.requireAuthentication", "true");
+        props.setProperty("derby.database.sqlAuthorization", "true");
+        props.setProperty("derby.authentication.provider", "BUILTIN");
+        props.setProperty("derby.user.APP", "APPPW");
+
+        t = new SystemPropertyTestSetup(t, props, true);
+        t = TestConfiguration.changeUserDecorator(t, "APP", "APPPW");
+        t = TestConfiguration.singleUseDatabaseDecorator(t);
+        return t;
+    }
+
+    public static Test suite() {
+        final BaseTestSuite suite =
+                new BaseTestSuite("SystemPrivilegesPermissionTest");
+
+        suite.addTest(
+                new SupportFilesSetup(
+                        makeTest("testMissingFilePermission",
+                                POLICY_MINUS_FILEPERMISSION_T),
+                        new String[] {
+                            POLICY_MINUS_FILEPERMISSION_R}));
+
+        suite.addTest(makeTest("testPresentPropertiesPermission",
+                OK_POLICY_T));
+
+        suite.addTest(makeTest("testMissingPropertiesPermission",
+                POLICY_MINUS_PROPERTYPERMISSION_T));
+
+        return suite;
+    }
+
+    /**
+     * This test is run with a policy that does not lack permission to read
+     * properties for derby.jar. This should leave no related error messages on
+     * derby.log.
+     *
+     * @throws SQLException
+     * @throws IOException
+     * @throws PrivilegedActionException
+     */
+    public void testPresentPropertiesPermission()
+            throws SQLException, IOException, PrivilegedActionException {
+
+        // With credentials we are OK
+        openDefaultConnection("APP", "APPPW").close();
+
+        Connection c = null;
+
+        // With wrong credentials we are not OK
+        try {
+            c = openDefaultConnection("Donald", "Duck");
+            fail();
+        } catch(SQLException e) {
+            assertSQLState("08004", e);
+        } finally {
+            if (c != null) {
+                c.close();
+            }
+        }
+        verifyMessagesInDerbyLog(KIND_EXPECT_ERROR_MSG_ABSENT);
+    }
+
+    /**
+     * This test is run with a policy that lacks permission to read properties
+     * for derby.jar. This should lead to error messages on derby.log.
+     *
+     * @throws SQLException
+     * @throws IOException
+     * @throws PrivilegedActionException
+     */
+    public void testMissingPropertiesPermission()
+            throws SQLException, IOException, PrivilegedActionException {
+        // With credentials we are OK
+        openDefaultConnection("APP", "APPPW").close();
+
+        // But also with wrong ones, all seems OK...
+        openDefaultConnection("Donald", "Duck").close();
+
+        // Check that we see the error messages expected in derby.log
+        verifyMessagesInDerbyLog(KIND_EXPECT_ERROR_MSG_PRESENT);
+    }
+
+    /**
+     * This test is run with a policy that lacks permission for derby.jar to
+     * create a db directory for derby.  In this scenario we expect the boot to
+     * fail, and an error message to be printed to the console, so we try to
+     * get it by forking a sub-process. See {@code FileMonitor#PBinitialize}
+     * when it gets a {@code SecurityException} following attempt to do "{@code
+     * home.mkdir(s)}".
+     * <p/>
+     * Note that the policy used with this text fixture also doubles as the
+     * one used by the subprocess to demonstrate the lack of permission.
+     *
+     * @throws SQLException
+     * @throws IOException
+     * @throws PrivilegedActionException
+     * @throws ClassNotFoundException
+     * @throws java.lang.InterruptedException
+     */
+    public void testMissingFilePermission() throws SQLException,
+            IOException,
+            PrivilegedActionException,
+            ClassNotFoundException,
+            InterruptedException {
+
+        // Collect the set of needed arguments to the java command
+        // The command runs ij with a security manager whose policy
+        // lacks the permissions to create derby.system.home.
+        final List<String> args = new ArrayList<String>();
+        final String codeJarUrl = "file:" + getDerbyJarPath();
+        args.add("-Djava.security.manager");
+        args.add("-Djava.security.policy==extin/MissingPermissionsTest2.policy");
+        args.add("-DderbyTesting.codejar=" + codeJarUrl);
+        args.add("-Dderby.system.home=system/nested");
+        args.add("-Dij.connection.test=jdbc:derby:wombat;create=true");
+        args.add("-classpath");
+        args.add(getClassPath());
+        args.add("org.apache.derby.tools.ij");
+        final String[] argArray = args.toArray(new String[0]);
+
+        final Process p = execJavaCmd(argArray);
+        SpawnedProcess spawned = new SpawnedProcess(p, "MPT");
+        spawned.suppressOutputOnComplete(); // we want to read it ourselves
+
+        final int exitCode = spawned.complete(3000); // 3 seconds
+
+        assertTrue(
+            spawned.getFailMessage("subprocess run failed: "), exitCode == 0);
+
+        final String expectedMessageOnConsole =
+                "The file or directory system/nested could not be created " +
+                "due to a security exception: " +
+                "java.security.AccessControlException: access denied " +
+                "(\"java.io.FilePermission\" \"system/nested\" \"write\").";
+
+        final String output = spawned.getFullServerOutput(); // ignore
+        final String err    = spawned.getFullServerError();
+
+        assertTrue(err.contains(expectedMessageOnConsole));
+    }
+
+    private String makeMessage(String property) {
+        final StringBuilder sb = new StringBuilder();
+        sb.append("WARNING: the property ");
+        sb.append(property);
+        sb.append(" could not be read due to a security exception: ");
+        sb.append("java.security.AccessControlException: access denied (\"");
+        sb.append("java.util.PropertyPermission\" ");
+        sb.append("\"");
+        sb.append(property);
+        sb.append("\" \"read\")");
+        return sb.toString();
+    }
+
+
+    private void verifyMessagesInDerbyLog(int kind) throws
+            FileNotFoundException,
+            IOException,
+            PrivilegedActionException {
+
+        String derbyLog = null;
+
+        if (kind == KIND_EXPECT_ERROR_MSG_PRESENT) {
+            // In this case we didn't have permission to read derby.system.home
+            // so expect derby.log to be at CWD.
+            derbyLog = "derby.log";
+        } else if (kind == KIND_EXPECT_ERROR_MSG_ABSENT) {
+            derbyLog = "system/derby.log";
+        }
+
+        final BufferedReader dl = getReader(derbyLog);
+        final StringBuilder log = new StringBuilder();
+
+        try {
+            for (String line = dl.readLine(); line != null; line = dl.readLine()) {
+                log.append(line);
+                log.append('\n');
+            }
+
+            if (kind == KIND_EXPECT_ERROR_MSG_PRESENT) {
+                // We should see SecurityException when reading security
+                // related properties in FileMonitor#PBgetJVMProperty
+                assertTrue(log.toString().contains(makeMessage(AUTH_MSG)));
+
+                // We should see SecurityException when reading
+                // derby.system.home in FileMonitor#PBinitialize
+                assertTrue(log.toString().contains(makeMessage(SYSTEM_HOME)));
+            } else if (kind == KIND_EXPECT_ERROR_MSG_ABSENT) {
+                assertFalse(log.toString().contains(makeMessage(AUTH_MSG)));
+                assertFalse(log.toString().contains(makeMessage(SYSTEM_HOME)));
+            }
+        } finally {
+            dl.close();
+        }
+    }
+
+    private static BufferedReader getReader(final String file)
+            throws PrivilegedActionException {
+
+        return AccessController.doPrivileged(
+                new PrivilegedExceptionAction<BufferedReader>() {
+            @Override
+            public BufferedReader run() throws FileNotFoundException {
+                return new BufferedReader(new FileReader(file));
+            }});
+    }
+
+
+    private static String getClassPath() throws PrivilegedActionException {
+        return AccessController.doPrivileged(
+                new PrivilegedExceptionAction<String>() {
+            @Override
+            public String run() {
+                return System.getProperty("java.class.path");
+            }});
+    }
+
+    private static String getDerbyJarPath() throws PrivilegedActionException {
+        final String classpath = getClassPath();
+        final String[] classpathEntries = classpath.split(File.pathSeparator);
+
+        for (String s: classpathEntries) {
+            int i = s.indexOf("derby.jar");
+            if (i >= 0) {
+                return s.substring(0, i);
+            }
+        }
+        return null;
+    }
+}
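Review bot: `testMissingPropertiesPermission` asserts that `openDefaultConnection("Donald", "Duck")` succeeds even though `makeTest` sets `derby.connection.requireAuthentication` to `true`, which pins the fail-open outcome of the unreadable properties as expected behaviour. The M008 warning in derby.log is then the only signal that authentication was not enforced, and the existing comment `// But also with wrong ones, all seems OK...` does not say that this is a known weakness rather than the intended contract. I would state it outright, e.g. `// Known fail-open (DERBY-6617): the authentication properties could not be read, so the engine booted without authentication; only the derby.log warning reveals it.` That way the assertion is not mistaken for a requirement if boot is later changed to fail closed.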

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy?rev=1609717&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy
Fri Jul 11 14:41:29 2014
@@ -0,0 +1,128 @@
+//
+//   Licensed to the Apache Software Foundation (ASF) under one or more
+//   contributor license agreements.  See the NOTICE file distributed with
+//   this work for additional information regarding copyright ownership.
+//   The ASF licenses this file to You under the Apache License, Version 2.0
+//   (the "License"); you may not use this file except in compliance with
+//   the License.  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+grant codeBase "${derbyTesting.codejar}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  //
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+  permission java.io.FilePermission "${derby.system.home}","read";
+  permission java.io.FilePermission "${derby.system.home}${/}-",
+      "read,write,delete";
+
+  permission java.sql.SQLPermission "deregisterDriver";
+
+  // This permission lets you backup and restore databases to and from
+  // arbitrary locations in your file system.
+  //
+  // This permission also lets you import/export data to and from arbitrary
+  // locations in your file system.
+  //
+  // You may want to restrict this access to specific directories.
+  //
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
+  permission java.util.PropertyPermission "user.*", "read";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+  permission java.io.FilePermission "java.runtime.version", "read";
+  permission java.io.FilePermission "java.fullversion", "read";
+
+  // Permissions needed for JMX based management and monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
+  // Specification.
+  //
+  permission javax.management.MBeanPermission
+       "org.apache.derby.*#[org.apache.derby:*]",
+       "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the
+  // MBean server.
+  //
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for jmx to be used against Derby but only if JMX
+  // authentication is not being used.  In that case the application would need
+  // to create a whole set of fine-grained permissions to allow specific users
+  // access to MBeans and actions they perform.
+  //
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
+
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log
+  //
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // The following permission must be granted for Connection.abort(Executor) to
+  // work. Note that this permission must also be granted to outer
+  // (application) code domains.
+  //
+  permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner
+  //
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Allow tests to install and uninstall the security manager and
+  // to refresh the policy
+  permission java.util.PropertyPermission "java.security.policy", "read,write";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+
+  // derbyTesting.junit.TestConfiguration... modifies System properties
+  permission java.util.PropertyPermission "*", "read,write";
+
+  //needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // **** Needed by this test
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
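Review bot: The derby.jar grant includes `permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";`, which subsumes the `${derby.system.home}` grants above it and the later `<<ALL FILES>>` read grant, so this baseline policy says little about which file permissions the engine needs for the test. Its comment describes backup and import/export, which the test shown on this page does not appear to exercise. If the fixtures pass without it, dropping that line and the duplicated `getProtectionDomain` grant would leave the baseline and the two reduced policies differing only in the permission under test.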

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy?rev=1609717&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy
Fri Jul 11 14:41:29 2014
@@ -0,0 +1,130 @@
+//
+//   Licensed to the Apache Software Foundation (ASF) under one or more
+//   contributor license agreements.  See the NOTICE file distributed with
+//   this work for additional information regarding copyright ownership.
+//   The ASF licenses this file to You under the Apache License, Version 2.0
+//   (the "License"); you may not use this file except in compliance with
+//   the License.  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+grant codeBase "${derbyTesting.codejar}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  //
+  // **** Removed these for this test:
+  //      permission java.util.PropertyPermission "derby.*", "read";
+  //
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  //
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+  permission java.io.FilePermission "${derby.system.home}","read";
+  permission java.io.FilePermission "${derby.system.home}${/}-",
+      "read,write,delete";
+
+  // This permission lets you backup and restore databases to and from
+  // arbitrary locations in your file system.
+  //
+  // This permission also lets you import/export data to and from arbitrary
+  // locations in your file system.
+  //
+  // You may want to restrict this access to specific directories.
+  //
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
+  permission java.util.PropertyPermission "user.*", "read";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+  permission java.io.FilePermission "java.runtime.version", "read";
+  permission java.io.FilePermission "java.fullversion", "read";
+  permission java.sql.SQLPermission "deregisterDriver";
+
+  // Permissions needed for JMX based management and monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
+  // Specification.
+  //
+  permission javax.management.MBeanPermission
+       "org.apache.derby.*#[org.apache.derby:*]",
+       "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the
+  // MBean server.
+  //
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for jmx to be used against Derby but only if JMX
+  // authentication is not being used.  In that case the application would need
+  // to create a whole set of fine-grained permissions to allow specific users
+  // access to MBeans and actions they perform.
+  //
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
+
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log
+  //
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // The following permission must be granted for Connection.abort(Executor) to
+  // work. Note that this permission must also be granted to outer
+  // (application) code domains.
+  //
+  permission java.sql.SQLPermission "callAbort";
+
+  // Needed by FileUtil#limitAccessToOwner
+  //
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Allow tests to install and uninstall the security manager and
+  // to refresh the policy
+  permission java.util.PropertyPermission "java.security.policy", "read,write";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+
+  // derbyTesting.junit.TestConfiguration... modifies System properties
+  permission java.util.PropertyPermission "*", "read,write";
+
+  //needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // **** Needed by this test
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
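Review bot: The marker `// **** Removed these for this test:` in the derby.jar grant names the dropped `derby.*` read permission but not the failure the test expects, so a later maintainer cannot tell which SecurityException this policy is meant to provoke. I would extend it to something like `// **** Removed for this test: reading derby.* properties must now raise a SecurityException that is reported, not swallowed` (presumably the FileMonitor property read named in the commit log; confirm against the test). Separately, the same grant keeps `FilePermission "<<ALL FILES>>", "read,write,delete"`, which already implies the `${derby.system.home}` entries and the later `"<<ALL FILES>>", "read"` line, and `getProtectionDomain` is granted twice. Trimming those would make it easier to see that exactly one permission is missing.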

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy?rev=1609717&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy
Fri Jul 11 14:41:29 2014
@@ -0,0 +1,136 @@
+//
+//   Licensed to the Apache Software Foundation (ASF) under one or more
+//   contributor license agreements.  See the NOTICE file distributed with
+//   this work for additional information regarding copyright ownership.
+//   The ASF licenses this file to You under the Apache License, Version 2.0
+//   (the "License"); you may not use this file except in compliance with
+//   the License.  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+
+grant codeBase "${derbyTesting.codejar}derby.jar"
+{
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "user.dir", "read";
+
+  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  //
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+
+  permission java.io.FilePermission "${derby.system.home}","read";
+  //   permission java.io.FilePermission "${derby.system.home}${/}-",
+  //    "read,write,delete";
+
+  permission java.io.FilePermission "./derby.log", "read,write,delete";
+  permission java.io.FilePermission "singleUse${/}-", "read,write,delete";
+  permission java.io.FilePermission "system", "read,write,delete";
+  permission java.io.FilePermission "system${/}singleUse{/}-", "read,write,delete";
+  // permission java.io.FilePermission "system${/}nested", "read,write,delete";
+  permission java.io.FilePermission "system${/}nested${/}-", "read,write,delete";
+  permission java.io.FilePermission ".", "read,write,delete";
+  permission java.sql.SQLPermission "deregisterDriver";
+
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
+  // Permissions needed for JMX based management and monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
+  // Specification.
+  //
+  permission javax.management.MBeanPermission
+       "org.apache.derby.*#[org.apache.derby:*]",
+       "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the
+  // MBean server.
+  //
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for jmx to be used against Derby but only if JMX
+  // authentication is not being used.  In that case the application would need
+  // to create a whole set of fine-grained permissions to allow specific users
+  // access to MBeans and actions they perform.
+  //
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";
+
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log
+  //
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // Needed by FileUtil#limitAccessToOwner
+  //
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Allow tests to install and uninstall the security manager and
+  // to refresh the policy
+  permission java.util.PropertyPermission "java.security.policy", "read,write";
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+
+  // derbyTesting.junit.TestConfiguration... modifies System properties
+  permission java.util.PropertyPermission "*", "read,write";
+
+  //needs to run "doAsPrivileged"
+  permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+  // **** Needed by this test
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete,execute";
+};
+
+
+grant codeBase "${derbyTesting.codejar}derbytools.jar"
+{
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is for all codebases which include
+  // the sysinfo classes--the policy file syntax does not let you grant
+  // permissions to several codebases all at once.
+  //
+  permission java.util.PropertyPermission "*", "read,write";
+  permission java.util.PropertyPermission "java.home", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";
+  permission java.util.PropertyPermission "java.runtime.version", "read";
+  permission java.util.PropertyPermission "java.fullversion", "read";
+  permission java.lang.RuntimePermission "getProtectionDomain";
+  permission java.io.FilePermission "<<ALL FILES>>", "read";
+  permission java.io.FilePermission "java.runtime.version", "read";
+  permission java.io.FilePermission "java.fullversion", "read";
+};
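Review bot: In the derby.jar grant, `"system${/}singleUse{/}-"` is missing the `$` before the second `{/}`, so that token is not expanded as the file separator and the entry most likely does not cover the directory tree it appears to target. If that is not intentional, it should read `permission java.io.FilePermission "system${/}singleUse${/}-", "read,write,delete";`. The permissions that are deliberately withheld (the commented-out `${derby.system.home}${/}-` and `system${/}nested` lines) carry no `**** Removed for this test` marker as the sibling policy does, which makes this typo hard to tell apart from an intended denial. The derbytools.jar grant also gives `PropertyPermission "*", "read,write"`, which makes the four specific property reads below it redundant and is broader than the sysinfo comment describes.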

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java?rev=1609717&r1=1609716&r2=1609717&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/_Suite.java Fri
Jul 11 14:41:29 2014
@@ -58,6 +58,7 @@ public class _Suite extends BaseTestCase
         suite.addTest(ReaderToUTF8StreamTest.suite());
         suite.addTest(DataInputUtilTest.suite());
         suite.addTest(DerbyVersionTest.suite());
+        suite.addTest(MissingPermissionsTest.suite());
 
         return suite;
     }


