From rhille...@apache.org
Subject svn commit: r1627831 [1/4] - in /db/derby/code/trunk/java: drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/jdbc/ engine/org/apache/derby/iapi/services/context/ engine/org/apache/derby/iapi/services/monitor/ eng...
Date Fri, 26 Sep 2014 17:12:33 GMT
Author: rhillegas
Date: Fri Sep 26 17:12:31 2014
New Revision: 1627831

URL: http://svn.apache.org/r1627831
Log:
DERBY-6648: Prevent application code from calling the public static Monitor methods; commit derby-6648-03-ac-monitor.diff.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/context/SystemContext.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/monitor/Monitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/db/BasicDatabase.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/db/SlaveDatabase.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/bytecode/BCJava.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/stream/SingleStream.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/uuid/BasicUUIDFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/GenericLanguageFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/GenericPreparedStatement.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DropDependencyFilter.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/ConstraintDefinitionNode.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/conn/GenericStatementContext.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/BaseActivation.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/GenericExecutionFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/access/PropertyConglomerate.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/access/RAMAccessManager.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/access/btree/index/B2IFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/access/heap/HeapConglomerateFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/access/sort/ExternalSortFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/RawStore.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/D_DiagnosticUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/FileContainer.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/xact/XactFactory.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/BasicEmbeddedDataSource40.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/ResourceAdapterImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/jdbc/XATransactionState.java
    db/derby/code/trunk/java/engine/org/apache/derby/mbeans/Management.java
    db/derby/code/trunk/java/optional/org/apache/derby/optional/lucene/LuceneSupport.java
    db/derby/code/trunk/java/storeless/org/apache/derby/impl/storeless/StorelessDatabase.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/crypto/T_Cipher.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/harness/BasicUnitTestManager.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/harness/UnitTestMain.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/services/T_CacheService.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/services/T_DaemonService.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/services/T_LockFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/services/T_UUIDFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_AccessFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_FileSystemData.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_Heap.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_RawStoreFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_RecoverBadLog.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_RecoverFullLog.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_Recovery.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_SortController.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_StreamFile.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_XA.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/store/T_b2i.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/util/MsgTrace.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Fri Sep 26 17:12:31 2014
@@ -141,6 +141,7 @@ grant codeBase "${derby.install.url}derb
   //
   permission org.apache.derby.security.SystemPermission "server",
       "control,monitor";
+  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
 
   // Needed by sysinfo. The file permission is needed to check the existence of
   // jars on the classpath. You can limit this permission to just the locations
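Review bot: The new `"engine", "usederbyinternals"` grant in server.policy carries no comment, and the comment on the same grant in template.policy ("Needed to start the monitoring MBeans") understates what it allows. Going by the Monitor.java hunks in this commit, the permission appears to gate every public static Monitor entry point, not just MBean startup; confirm against SecurityUtil.checkDerbyInternalsPrivilege(), which is not shown here. Administrators copy these files as a starting point, so both grants should say something like `// Lets this jar call Derby's internal Monitor API (module/service lookup and boot). Grant only to Derby's own jars, never to application code.` The enclosing grant block starts and ends outside the hunk, so the exact codeBase it applies to should be checked as well.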

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Fri Sep 26 17:12:31 2014
@@ -131,6 +131,9 @@ grant codeBase "${derby.install.url}derb
   permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine",
       "read, write";
 
+  // Needed to start the monitoring MBeans
+  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
+
   // JMX: Uncomment this permission to allow the ping operation of the
   //      NetworkServerMBean to connect to the Network Server.
   //

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DRDAConnThread.java Fri Sep 26 17:12:31 2014
@@ -29,6 +29,8 @@ import java.io.ObjectInputStream;
 import java.io.OutputStream;
 import java.io.UnsupportedEncodingException;
 import java.math.BigDecimal;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.sql.CallableStatement;
 import java.sql.Connection;
 import java.sql.DataTruncation;
@@ -60,6 +62,7 @@ import org.apache.derby.iapi.reference.D
 import org.apache.derby.iapi.reference.Property;
 import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.iapi.services.info.JVMInfo;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.shared.common.sanity.SanityManager;
 import org.apache.derby.iapi.services.stream.HeaderPrintWriter;
@@ -9286,9 +9289,9 @@ class DRDAConnThread extends Thread {
             // 
             // if monitor is never setup by any ModuleControl, getMonitor
             // returns null and no Derby database has been booted. 
-            if (Monitor.getMonitor() != null) {
+            if (getMonitor() != null) {
                 databaseObj = (org.apache.derby.iapi.db.Database)
-                    Monitor.findService(Property.DATABASE_MODULE, dbName);
+                    findService(Property.DATABASE_MODULE, dbName);
             }
 
             if (databaseObj == null)
@@ -9298,7 +9301,7 @@ class DRDAConnThread extends Thread {
 
                 // now try to find it again
                 databaseObj = (org.apache.derby.iapi.db.Database)
-                    Monitor.findService(Property.DATABASE_MODULE, dbName);
+                    findService(Property.DATABASE_MODULE, dbName);
             }
 
             // If database still could not be found, it means the database
@@ -9502,4 +9505,41 @@ class DRDAConnThread extends Thread {
             }
         }
     }
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged service lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object findService( final String factoryInterface, final String serviceName )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.findService( factoryInterface, serviceName );
+                 }
+             }
+             );
+    }
+    
 }
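Review bot: The Javadoc on the new `getMonitor()` and `findService()` helpers gives only half of the contract, that they must be private. `doPrivileged` stops the permission check at this class, so any path from less-trusted code into a caller of these helpers gets the lookup without holding `usederbyinternals`. The same applies if a caller hands the returned engine object back out. I would extend the comment along the lines of `Callers must not expose the returned object, or accept factoryInterface/serviceName, across a public API boundary.` The identical helpers added in NetworkServerControlImpl (a public class), DRDAServerStarter and SystemContext need the same note. The call sites in the earlier DRDAConnThread hunks pass `dbName`, whose origin is outside the visible lines, so that path in particular deserves a check.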

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Fri Sep 26 17:12:31 2014
@@ -821,7 +821,7 @@ public final class NetworkServerControlI
         // This way we know that once we can connect to the network server,
         // the MBeans will be available.
         ManagementService mgmtService = ((ManagementService)
-                Monitor.getSystemModule(Module.JMX));
+                getSystemModule(Module.JMX));
 
         final Object versionMBean = mgmtService.registerMBean(
                            new Version(
@@ -1189,7 +1189,7 @@ public final class NetworkServerControlI
         // get the system's authentication service
         final AuthenticationService auth
             = ((AuthenticationService)
-               Monitor.findService(AuthenticationService.MODULE,
+               findService(AuthenticationService.MODULE,
                                    "authentication"));
 
         // authenticate user
@@ -4170,4 +4170,41 @@ public final class NetworkServerControlI
         }
         return myPVH;
     }
+    
+    /**
+     * Privileged module lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object getSystemModule( final String factoryInterface )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.getSystemModule( factoryInterface );
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged service lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object findService( final String factoryInterface, final String serviceName )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.findService( factoryInterface, serviceName );
+                 }
+             }
+             );
+    }
+    
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java Fri Sep 26 17:12:31 2014
@@ -24,6 +24,7 @@ package org.apache.derby.iapi.jdbc;
 import org.apache.derby.shared.common.sanity.SanityManager;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.services.monitor.ModuleControl;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.reference.MessageId;
 import org.apache.derby.iapi.reference.Property;
 import java.io.PrintWriter;
@@ -216,7 +217,7 @@ public final class DRDAServerStarter imp
                      userArg, passwordArg});
             }
 
-            serverThread = Monitor.getMonitor().getDaemonThread( this, "NetworkServerStarter", false);
+            serverThread = getMonitor().getDaemonThread( this, "NetworkServerStarter", false);
             serverThread.start();
         }
         catch( Exception e)
@@ -289,4 +290,22 @@ public final class DRDAServerStarter imp
 		consoleWriter = null;
 		
     } // end of stop
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java Fri Sep 26 17:12:31 2014
@@ -22,6 +22,8 @@
 package org.apache.derby.iapi.jdbc;
 
 import java.io.PrintWriter;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Properties;
 import org.apache.derby.iapi.error.StandardException;
 import org.apache.derby.iapi.reference.MessageId;
@@ -53,7 +55,7 @@ public class JDBCBoot {
 		no current JDBC driver that is handling the required protocol.
 
 	*/
-	public void boot(String protocol, PrintWriter logging) {
+	public void boot(String protocol, final PrintWriter logging) {
 
 		if (org.apache.derby.jdbc.InternalDriver.activeDriver() == null)
 		{
@@ -64,27 +66,47 @@ public class JDBCBoot {
 			addProperty("derby.service.jdbc", "org.apache.derby.jdbc.InternalDriver");
 			addProperty("derby.service.authentication", AuthenticationService.MODULE);
 
-			Monitor.startMonitor(bootProperties, logging);
-
-            /* The network server starter module is started differently from other modules because
-             * 1. its start is conditional, depending on a system property, and PropertyUtil.getSystemProperty
-             *    does not work until the Monitor has started,
-             * 2. we do not want the server to try to field requests before Derby has booted, and
-             * 3. if the module fails to start we want to log a message to the error log and continue as
-             *    an embedded database.
-             */
-            if( Boolean.valueOf(PropertyUtil.getSystemProperty(Property.START_DRDA)).booleanValue())
-            {
-                try
-                {
-                    Monitor.startSystemModule( NETWORK_SERVER_AUTOSTART_CLASS_NAME);
-                }
-                catch( StandardException se)
-                {
-                    Monitor.logTextMessage( MessageId.CONN_NETWORK_SERVER_START_EXCEPTION,
-                                            se.getMessage());
-                }
-            }
+			boot( bootProperties, logging);
 		}
 	}
+    
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  void    boot( final Properties props, final PrintWriter logging )
+    {
+        AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     Monitor.startMonitor(props, logging);
+
+                     /* The network server starter module is started differently from other modules because
+                      * 1. its start is conditional, depending on a system property, and PropertyUtil.getSystemProperty
+                      *    does not work until the Monitor has started,
+                      * 2. we do not want the server to try to field requests before Derby has booted, and
+                      * 3. if the module fails to start we want to log a message to the error log and continue as
+                      *    an embedded database.
+                      */
+                     if( Boolean.valueOf(PropertyUtil.getSystemProperty(Property.START_DRDA)).booleanValue())
+                     {
+                         try
+                         {
+                             Monitor.startSystemModule( NETWORK_SERVER_AUTOSTART_CLASS_NAME);
+                         }
+                         catch( StandardException se)
+                         {
+                             Monitor.logTextMessage( MessageId.CONN_NETWORK_SERVER_START_EXCEPTION,
+                                                     se.getMessage());
+                         }
+                     }
+                     
+                     return null;
+                 }
+             }
+             );
+    }
 }
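Review bot: `JDBCBoot.boot(String, PrintWriter)` stays public on a public class, so after this change application code can still reach `Monitor.startMonitor` and `Monitor.startSystemModule` through the new private `boot(Properties, PrintWriter)` without holding the internals permission itself. The only visible guard is the `activeDriver() == null` test, and the `logging` writer is caller-supplied. That may well be intended, since booting through the driver has to work for unprivileged callers, but the Javadoc on the public method should say so explicitly, and say that `bootProperties` is built internally and never taken from the caller. As a minor style point, the action returns nothing, so `new PrivilegedAction<Void>()` with `public Void run()` states the intent better than `PrivilegedAction<Object>`.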

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/context/SystemContext.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/context/SystemContext.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/context/SystemContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/context/SystemContext.java Fri Sep 26 17:12:31 2014
@@ -21,8 +21,12 @@
 
 package org.apache.derby.iapi.services.context;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
 import org.apache.derby.iapi.error.ShutdownException;
 import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.error.ExceptionSeverity;
 /**
@@ -73,10 +77,27 @@ final class SystemContext extends Contex
 
 		} finally {
 			// we need this to happen even if we fail to print out a notice
-			Monitor.getMonitor().shutdown();
+			getMonitor().shutdown();
 		}
 
 	}
 
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
 }
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/monitor/Monitor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/monitor/Monitor.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/monitor/Monitor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/monitor/Monitor.java Fri Sep 26 17:12:31 2014
@@ -30,6 +30,7 @@ import org.apache.derby.iapi.reference.A
 import org.apache.derby.iapi.reference.EngineType;
 import org.apache.derby.iapi.reference.Property;
 import org.apache.derby.iapi.reference.SQLState;
+import org.apache.derby.iapi.security.SecurityUtil;
 import org.apache.derby.iapi.services.i18n.MessageService;
 import org.apache.derby.iapi.services.info.ProductVersionHolder;
 import org.apache.derby.iapi.services.loader.InstanceGetter;
@@ -283,6 +284,9 @@ public class Monitor {
 
     @SuppressWarnings("ResultOfObjectAllocationIgnored")
 	public static void startMonitor(Properties bootProperties, PrintWriter logging) {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
         try {
             new org.apache.derby.impl.services.monitor.FileMonitor(bootProperties, logging);
         } catch (AccessControlException e) {
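Review bot: The added comment `// Verify that we have permission to execute this method.` does not say which permission is checked, and the public Javadoc of `startMonitor` and of the other gated methods in the later Monitor.java hunks is left unchanged. Callers get no documented signal that these methods can now fail under a security manager. I would name the permission at each check, e.g. `// Requires SystemPermission("engine", "usederbyinternals").`, and add a matching `@throws` line to each method's Javadoc. The permission name is inferred from the policy-file hunks in this commit, and the exception type depends on SecurityUtil, which is not shown. Note also that the check sits outside the existing `try`, so a denial propagates to the caller rather than being handled by the `catch (AccessControlException e)` below; that looks deliberate but is worth stating. The method body continues past the end of the hunk.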
@@ -296,6 +300,9 @@ public class Monitor {
 	*/
 	public static boolean setMonitor(ModuleFactory theMonitor) {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		synchronized (syncMe) {
 			if (active)
 				return false;
@@ -307,6 +314,9 @@ public class Monitor {
 	}
 
 	public static void clearMonitor() {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		// the monitor reference needs to remain valid
 		// as there are some accesses to getMonitor()
 		// after the system has been shutdown.
@@ -319,9 +329,15 @@ public class Monitor {
 		Get the monitor.
 	*/
 	public static ModuleFactory getMonitor() {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		return monitor;
 	}
 	public static ModuleFactory getMonitorLite() {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		synchronized (syncMe) {
 			if (active && monitor != null)
 				return monitor;
@@ -343,6 +359,9 @@ public class Monitor {
 		Return the name of the service that the passed in module lives in.
 	*/
 	public static String getServiceName(Object serviceModule) {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		return monitor.getServiceName(serviceModule);
 	}
 
@@ -363,8 +382,11 @@ public class Monitor {
 		@see ModuleControl#boot
 	*/
 	public static Object startSystemModule(String factoryInterface)
-		throws StandardException {
+        throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = monitor.startModule(false, (Object) null, factoryInterface, (String) null, (Properties) null);
 		
 		if (SanityManager.DEBUG) {
@@ -381,6 +403,9 @@ public class Monitor {
 	*/
 	public static Object findSystemModule(String factoryInterface) throws StandardException
 	{
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = getMonitor().findModule((Object) null,
 									  factoryInterface, (String) null);
 		if (module == null)
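Review bot: `findSystemModule` now checks the privilege and then calls `getMonitor()`, which this commit also gates, so the check runs twice per call. The same pattern appears in the hunks for `getSystemModule`, `findServiceModule` and `getServiceModule`. If `checkDerbyInternalsPrivilege()` walks the stack under a security manager (it is not shown here), that doubles the cost on what look like frequently used lookups. Reading the field directly after the first check avoids it and matches `startSystemModule` and `findService`, which already use `monitor.`: `Object module = monitor.findModule((Object) null, factoryInterface, (String) null);`. In `getSystemModule` the local that shadows the field would become `ModuleFactory monitor = Monitor.monitor;`.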
@@ -395,6 +420,9 @@ public class Monitor {
      */
     public static Object getSystemModule(String factoryInterface)
     {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
         ModuleFactory monitor = getMonitor();
         if (monitor == null)
             return null;
@@ -426,6 +454,9 @@ public class Monitor {
 		String factoryInterface, Properties properties)
 		throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = monitor.startModule(create, serviceModule, factoryInterface,
 						(String) null, properties);
 
@@ -458,6 +489,9 @@ public class Monitor {
 		String factoryInterface, String identifier, Properties properties)
 		throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = monitor.startModule(create, serviceModule, factoryInterface, identifier, properties);
 		
 		if (SanityManager.DEBUG) {
@@ -477,6 +511,9 @@ public class Monitor {
 	*/
 	public static Object findServiceModule(Object serviceModule, String factoryInterface)
 		throws StandardException {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = getMonitor().findModule(serviceModule, factoryInterface, (String) null);
 		if (module == null)
 			throw Monitor.missingImplementation(factoryInterface);
@@ -484,6 +521,9 @@ public class Monitor {
 	}
 	public static Object getServiceModule(Object serviceModule, String factoryInterface)
 	{
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		Object module = getMonitor().findModule(serviceModule, factoryInterface, (String) null);
 		return module;
 	}
@@ -508,6 +548,9 @@ public class Monitor {
 
 	*/
 	public static Object findService(String factoryInterface, String serviceName) {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		return monitor.findService(factoryInterface, serviceName);
 	}
 
@@ -545,6 +588,9 @@ public class Monitor {
 												 Properties properties) 
 		throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		if (SanityManager.DEBUG) {
 			SanityManager.ASSERT(serviceName != null, "serviceName is null");
 		}
@@ -565,6 +611,9 @@ public class Monitor {
 	public static Object startNonPersistentService(String factoryInterface, String serviceName, Properties properties)
 		throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		if (SanityManager.DEBUG) {
 			SanityManager.ASSERT(factoryInterface != null, "serviceName is null");
 			SanityManager.ASSERT(serviceName != null, "serviceName is null");
@@ -590,6 +639,9 @@ public class Monitor {
 	public static Object createPersistentService(String factoryInterface, String serviceName, Properties properties) 
 		throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		if (SanityManager.DEBUG) {
 			SanityManager.ASSERT(factoryInterface != null, "serviceName is null");
 			SanityManager.ASSERT(serviceName != null, "serviceName is null");
@@ -600,6 +652,9 @@ public class Monitor {
     public static void removePersistentService(String name)
         throws StandardException
     {
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
         // For now we only allow dropping in-memory databases.
         // This is mostly due to the fact that the current implementation for
         // the on-disk back end doesn't handle logDevice when dropping.
@@ -642,6 +697,7 @@ public class Monitor {
 	*/
 	public static Object newInstanceFromIdentifier(int identifier) 
 		throws StandardException {
+        
 		return monitor.newInstanceFromIdentifier(identifier);
 	}
 
@@ -711,6 +767,9 @@ public class Monitor {
 	 */
 	public static boolean isFullUpgrade(Properties startParams, String oldVersionInfo) throws StandardException {
 
+        // Verify that we have permission to execute this method.
+        SecurityUtil.checkDerbyInternalsPrivilege();
+        
 		boolean fullUpgrade = Boolean.valueOf(startParams.getProperty(org.apache.derby.iapi.reference.Attribute.UPGRADE_ATTR)).booleanValue();
 
 		ProductVersionHolder engineVersion = Monitor.getMonitor().getEngineVersion();

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java Fri Sep 26 17:12:31 2014
@@ -34,6 +34,8 @@ import org.apache.derby.iapi.util.IdUtil
 
 import java.util.Properties;
 import java.io.Serializable;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Dictionary;
 import java.util.Enumeration;
 
@@ -102,7 +104,7 @@ public class PropertyUtil {
 		boolean dbOnly = isDBOnly(set);
 
 		if (!dbOnly) {
-			if (Monitor.getMonitor().getJVMProperty(key) != null) {
+			if (getMonitor().getJVMProperty(key) != null) {
 				return SET_IN_JVM;
 			}
 		}
@@ -177,7 +179,7 @@ public class PropertyUtil {
 	*/
 	public static String getSystemProperty(String key, String defaultValue) {
 
-		ModuleFactory monitor = Monitor.getMonitorLite();
+		ModuleFactory monitor = getMonitorLite();
 
 		String value = monitor.getJVMProperty(key);
 
@@ -241,7 +243,7 @@ public class PropertyUtil {
 			Serializable value;
 
 			if (!dbOnly) {
-				value = Monitor.getMonitor().getJVMProperty(key);
+				value = getMonitor().getJVMProperty(key);
 				if (value != null)
 					return value;
 			}
@@ -264,7 +266,7 @@ public class PropertyUtil {
 			String value;
 
 			if (!dbOnly) {
-				value = Monitor.getMonitor().getJVMProperty(key);
+				value = getMonitor().getJVMProperty(key);
 				if (value != null)
 					return value;
 			}
@@ -319,7 +321,7 @@ public class PropertyUtil {
                 (value != null ? value.trim() : value)).booleanValue();
 
 		if (!dbOnly) {
-			value = Monitor.getMonitor().getJVMProperty(key);
+			value = getMonitor().getJVMProperty(key);
 			if (value != null)
 				return value;
 		}
@@ -634,7 +636,7 @@ public class PropertyUtil {
 	 */
 	private static boolean systemPropertiesExistsBuiltinUser(String username)
 	{
-		ModuleFactory monitor = Monitor.getMonitorLite();
+		ModuleFactory monitor = getMonitorLite();
 
 		try {
 			Properties JVMProperties = System.getProperties();
@@ -682,5 +684,43 @@ public class PropertyUtil {
 
 		return false;
 	}
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitorLite()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitorLite();
+                 }
+             }
+             );
+    }
+
 }
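Review bot: The private `getMonitor()` and `getMonitorLite()` wrappers assert PropertyUtil's own privileges, so the check inside Monitor no longer sees whoever called PropertyUtil's public methods. `getSystemProperty(String, String)` in the earlier hunk is public static and hands back `monitor.getJVMProperty(key)`, which means any code that can load this class reaches the monitor through it, presumably without holding the internals privilege. It would help to state the contract in the wrapper Javadoc, e.g. `Callers must not return the ModuleFactory, or anything sensitive read from it, to code outside Derby.`, and to confirm that each public method using the wrappers is safe to expose. What `getJVMProperty` returns is not visible here, so the exposure may be harmless.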
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java Fri Sep 26 17:12:31 2014
@@ -109,7 +109,7 @@ public final class ConglomerateDescripto
 		this.forConstraint = forConstraint;
 		if (uuid == null)
 		{
-			UUIDFactory uuidFactory = Monitor.getMonitor().getUUIDFactory();
+			UUIDFactory uuidFactory = DataDescriptorGenerator.getMonitor().getUUIDFactory();
 			uuid = uuidFactory.createUUID();
 		}
 		this.uuid = uuid;

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java Fri Sep 26 17:12:31 2014
@@ -21,12 +21,15 @@
 
 package org.apache.derby.iapi.sql.dictionary;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.sql.Timestamp;
 import org.apache.derby.catalog.ReferencedColumns;
 import org.apache.derby.catalog.UUID;
 import org.apache.derby.catalog.types.ReferencedColumnsDescriptorImpl;
 import org.apache.derby.iapi.error.StandardException;
 import org.apache.derby.iapi.services.io.FormatableBitSet;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.shared.common.sanity.SanityManager;
 import org.apache.derby.iapi.services.uuid.UUIDFactory;
@@ -409,7 +412,7 @@ public class DataDescriptorGenerator 
 	protected UUIDFactory getUUIDFactory()
 	{
 		if (uuidf == null)
-			uuidf = Monitor.getMonitor().getUUIDFactory();
+			uuidf = getMonitor().getUUIDFactory();
 		return uuidf;
 	}
 
@@ -598,4 +601,23 @@ public class DataDescriptorGenerator 
                 grantee,
                 grantable);
     }
+    
+    /**
+     * Privileged Monitor lookup. Must be package private so that user code
+     * can't call this entry point.
+     */
+    static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
 }
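Review bot: `getMonitor()` is package-private and returns the `ModuleFactory` itself, so the protection described in its Javadoc holds only if application code cannot define a class in `org.apache.derby.iapi.sql.dictionary`. Whether the jar seals that package is not visible in this diff; if it does not, a class placed in the same package by the same class loader could obtain the monitor with Derby's privileges and the checks added to `Monitor` would not apply to it. I would note the dependency in the Javadoc, for example `Relies on this package being sealed; do not widen access.`, or keep the wrapper private and give `ConglomerateDescriptor` and `SPSDescriptor` their own copies as the other classes in this commit do. `EmbedConnection.getMonitor()` later in the commit is package-private in the same way.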

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java Fri Sep 26 17:12:31 2014
@@ -1148,7 +1148,7 @@ public class SPSDescriptor extends Uniqu
 	{
 		if (uuidFactory == null)
 		{
-			uuidFactory = Monitor.getMonitor().getUUIDFactory();
+			uuidFactory = DataDescriptorGenerator.getMonitor().getUUIDFactory();
 		}
 		return uuidFactory.recreateUUID(idString);
 	}

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java Fri Sep 26 17:12:31 2014
@@ -76,7 +76,7 @@ public final class DataValueFactoryImpl 
     	 */
     	public void boot(boolean create, Properties properties) throws StandardException {
     		
-    		ModuleFactory monitor = Monitor.getMonitor();
+    		ModuleFactory monitor = getMonitor();
     		//The Locale on monitor has already been set by the boot code in
     		//BasicDatabase so we can simply do a get here.
     		//This Locale will be either the Locale obtained from the territory
@@ -1161,22 +1161,34 @@ public final class DataValueFactoryImpl 
      */
     static  Context    getContext( final String contextID )
     {
-        if ( System.getSecurityManager() == null )
-        {
-            return ContextService.getContext( contextID );
-        }
-        else
-        {
-            return AccessController.doPrivileged
-                (
-                 new PrivilegedAction<Context>()
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Context>()
+             {
+                 public Context run()
                  {
-                     public Context run()
-                     {
-                         return ContextService.getContext( contextID );
-                     }
+                     return ContextService.getContext( contextID );
                  }
-                 );
-        }
+             }
+             );
     }
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
 }
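Review bot: `getMonitor()` builds a new anonymous `PrivilegedAction` on every call even though the action captures no state, and the same wrapper is repeated in BasicDatabase, DatabaseContextImpl, PropertyUtil and the other classes touched by this commit. Holding the action in a private constant keeps the method to one line and makes it obvious that nothing caller-supplied runs inside the privileged block. `getContext` cannot be treated the same way because its action captures `contextID`. The enclosing class starts outside the hunk.

```java
// … unchanged: getContext( final String contextID ) …

/** Stateless action shared by every privileged Monitor lookup in this class. */
private static final PrivilegedAction<ModuleFactory> GET_MONITOR =
    new PrivilegedAction<ModuleFactory>()
    {
        public ModuleFactory run()
        {
            return Monitor.getMonitor();
        }
    };

private  static  ModuleFactory  getMonitor()
{
    return AccessController.doPrivileged( GET_MONITOR );
}
```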

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/db/BasicDatabase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/db/BasicDatabase.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/db/BasicDatabase.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/db/BasicDatabase.java Fri Sep 26 17:12:31 2014
@@ -149,7 +149,7 @@ public class BasicDatabase implements Mo
 		throws StandardException
 	{
 
-		ModuleFactory monitor = Monitor.getMonitor();
+		ModuleFactory monitor = getMonitor();
 		if (create)
 		{
 			if (startParams.getProperty(Property.CREATE_WITH_NO_LOG) == null)
@@ -177,7 +177,7 @@ public class BasicDatabase implements Mo
 		// registered types (DECIMAL) are there before logical undo recovery 
         // might need them.
 		DataValueFactory dvf = (DataValueFactory) 
-            Monitor.bootServiceModule(
+            bootServiceModule(
                 create, 
                 this,
 				org.apache.derby.iapi.reference.ClassName.DataValueFactory, 
@@ -202,15 +202,15 @@ public class BasicDatabase implements Mo
 		bootClassFactory(create, allParams);
         
         dd = (DataDictionary)
-            Monitor.bootServiceModule(create, this,
+            bootServiceModule(create, this,
                     DataDictionary.MODULE, allParams);
 
 		lcf = (LanguageConnectionFactory) 
-            Monitor.bootServiceModule(
+            bootServiceModule(
                 create, this, LanguageConnectionFactory.MODULE, allParams);
 
 		lf = (LanguageFactory) 
-            Monitor.bootServiceModule(
+            bootServiceModule(
                 create, this, LanguageFactory.MODULE, allParams);
 
 		bootResourceAdapter(create, allParams);
@@ -595,7 +595,7 @@ public class BasicDatabase implements Mo
 			// no property defined in the Transaction set
 			// this could be an upgrade, see if it's stored in the service set
 
-			UUIDFactory	uuidFactory  = Monitor.getMonitor().getUUIDFactory();
+			UUIDFactory	uuidFactory  = getMonitor().getUUIDFactory();
 
 			
 			upgradeID = startParams.getProperty(DataDictionary.DATABASE_ID);
@@ -745,7 +745,7 @@ public class BasicDatabase implements Mo
 			IdUtil.parseDbClassPath(classpath);
 
 			startParams.put(Property.BOOT_DB_CLASSPATH, classpath);
-			cfDB = (ClassFactory) Monitor.bootServiceModule(create, this,
+			cfDB = (ClassFactory) bootServiceModule(create, this,
 					org.apache.derby.iapi.reference.Module.ClassFactory, startParams);
 	}
 
@@ -763,18 +763,18 @@ public class BasicDatabase implements Mo
 
 	protected AuthenticationService bootAuthenticationService(boolean create, Properties props) throws StandardException {
 		return (AuthenticationService)
-				Monitor.bootServiceModule(create, this, AuthenticationService.MODULE, props);
+				bootServiceModule(create, this, AuthenticationService.MODULE, props);
 	}
 
 	protected void bootValidation(boolean create, Properties startParams)
 		throws StandardException {
-		pf = (PropertyFactory) Monitor.bootServiceModule(create, this,
+		pf = (PropertyFactory) bootServiceModule(create, this,
 			org.apache.derby.iapi.reference.Module.PropertyFactory, startParams);
 	}
 
 	protected void bootStore(boolean create, Properties startParams)
 		throws StandardException {
-		af = (AccessFactory) Monitor.bootServiceModule(create, this, AccessFactory.MODULE, startParams);
+		af = (AccessFactory) bootServiceModule(create, this, AccessFactory.MODULE, startParams);
 	}
 
     /**
@@ -808,7 +808,7 @@ public class BasicDatabase implements Mo
 		try
 		{
 			resourceAdapter = 
-				Monitor.bootServiceModule(create, this,
+				bootServiceModule(create, this,
 										 org.apache.derby.iapi.reference.Module.ResourceAdapter,
 										 allParams);
 		}
@@ -891,7 +891,7 @@ public class BasicDatabase implements Mo
     private StorageFactory  getStorageFactory()
         throws StandardException
     {
-        DataFactory dataFactory = (DataFactory) Monitor.findServiceModule( this, DataFactory.MODULE );
+        DataFactory dataFactory = (DataFactory) findServiceModule( this, DataFactory.MODULE );
 
         return dataFactory.getStorageFactory();
     }
@@ -948,22 +948,88 @@ public class BasicDatabase implements Mo
      */
     private  static  ContextService    getContextService()
     {
-        if ( System.getSecurityManager() == null )
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ContextService>()
+             {
+                 public ContextService run()
+                 {
+                     return ContextService.getFactory();
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
+    
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object bootServiceModule
+        (
+         final boolean create, final Object serviceModule,
+         final String factoryInterface, final Properties properties
+         )
+        throws StandardException
+    {
+        try {
+            return AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object run()
+                         throws StandardException
+                     {
+                         return Monitor.bootServiceModule( create, serviceModule, factoryInterface, properties );
+                     }
+                 }
+                 );
+        } catch (PrivilegedActionException pae)
         {
-            return ContextService.getFactory();
+            throw StandardException.plainWrapException( pae );
         }
-        else
-        {
+    }
+
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object findServiceModule( final Object serviceModule, final String factoryInterface)
+        throws StandardException
+    {
+        try {
             return AccessController.doPrivileged
                 (
-                 new PrivilegedAction<ContextService>()
+                 new PrivilegedExceptionAction<Object>()
                  {
-                     public ContextService run()
+                     public Object run()
+                         throws StandardException
                      {
-                         return ContextService.getFactory();
+                         return Monitor.findServiceModule( serviceModule, factoryInterface );
                      }
                  }
                  );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
         }
     }
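Review bot: The `catch (PrivilegedActionException pae)` blocks in `bootServiceModule` and `findServiceModule` pass the wrapper exception itself to `StandardException.plainWrapException`, not the `StandardException` that `run()` threw. Unless `plainWrapException` unwraps `PrivilegedActionException` (its body is not part of this diff), callers that used to receive the original exception from `Monitor.bootServiceModule` would now get a generic wrapper and lose its SQLState. Passing the cause avoids depending on that: `throw StandardException.plainWrapException( pae.getCause() );`. SlaveDatabase's `findServiceModule` in the next file repeats the pattern, and its caller catches `StandardException` directly.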
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java Fri Sep 26 17:12:31 2014
@@ -25,6 +25,7 @@ import org.apache.derby.iapi.services.co
 import org.apache.derby.iapi.services.context.ContextManager;
 import org.apache.derby.iapi.services.context.ContextService;
 import org.apache.derby.iapi.sql.dictionary.DataDictionary;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.db.Database;
 import org.apache.derby.iapi.db.DatabaseContext;
@@ -76,7 +77,7 @@ final class DatabaseContextImpl extends 
 		    getContextService().notifyAllActiveThreads(this);
             // This may be called multiple times, but is short-circuited
             // in the monitor.
-		    Monitor.getMonitor().shutdown(db);
+		    getMonitor().shutdown(db);
         }
 	}
 
@@ -99,23 +100,34 @@ final class DatabaseContextImpl extends 
      */
     private  static  ContextService    getContextService()
     {
-        if ( System.getSecurityManager() == null )
-        {
-            return ContextService.getFactory();
-        }
-        else
-        {
-            return AccessController.doPrivileged
-                (
-                 new PrivilegedAction<ContextService>()
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ContextService>()
+             {
+                 public ContextService run()
                  {
-                     public ContextService run()
-                     {
-                         return ContextService.getFactory();
-                     }
+                     return ContextService.getFactory();
                  }
-                 );
-        }
+             }
+             );
+    }
+
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
     }
 
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/db/SlaveDatabase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/db/SlaveDatabase.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/db/SlaveDatabase.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/db/SlaveDatabase.java Fri Sep 26 17:12:31 2014
@@ -36,6 +36,8 @@ import org.apache.derby.iapi.sql.conn.La
 import org.apache.derby.jdbc.InternalDriver;
 
 import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
 import java.security.AccessController;
 
 import java.sql.SQLException;
@@ -396,7 +398,7 @@ public class SlaveDatabase extends Basic
         }
 
         try {
-            slaveFac = (SlaveFactory)Monitor.
+            slaveFac = (SlaveFactory)
                 findServiceModule(this, SlaveFactory.MODULE);
             return true;
         } catch (StandardException se) {
@@ -456,22 +458,40 @@ public class SlaveDatabase extends Basic
      */
     private  static  ContextService    getContextService()
     {
-        if ( System.getSecurityManager() == null )
-        {
-            return ContextService.getFactory();
-        }
-        else
-        {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ContextService>()
+             {
+                 public ContextService run()
+                 {
+                     return ContextService.getFactory();
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object findServiceModule( final Object serviceModule, final String factoryInterface)
+        throws StandardException
+    {
+        try {
             return AccessController.doPrivileged
                 (
-                 new PrivilegedAction<ContextService>()
+                 new PrivilegedExceptionAction<Object>()
                  {
-                     public ContextService run()
+                     public Object run()
+                         throws StandardException
                      {
-                         return ContextService.getFactory();
+                         return Monitor.findServiceModule( serviceModule, factoryInterface );
                      }
                  }
                  );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
         }
     }
 

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Fri Sep 26 17:12:31 2014
@@ -30,6 +30,7 @@ import org.apache.derby.iapi.reference.S
 
 import org.apache.derby.iapi.services.context.ContextManager;
 import org.apache.derby.iapi.services.memory.LowMemory;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.shared.common.sanity.SanityManager;
 import org.apache.derby.iapi.services.property.PropertyUtil;
@@ -55,8 +56,12 @@ import org.apache.derby.iapi.store.repli
 import org.apache.derby.iapi.store.replication.slave.SlaveFactory;
 import java.io.IOException;
 
-import java.security.Permission;
 import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
 
 /* can't import due to name overlap:
 import java.sql.Connection;
@@ -259,7 +264,7 @@ public class EmbedConnection implements 
             boolean shutdown = isTrue(info, Attribute.SHUTDOWN_ATTR);
 
 			// see if database is already booted
-			Database database = (Database) Monitor.findService(Property.DATABASE_MODULE, tr.getDBName());
+			Database database = (Database) findService(Property.DATABASE_MODULE, tr.getDBName());
 
             // encryption, re-encryption and decryption are not allowed on an already booted database.
             // see DERBY-5969.
@@ -617,7 +622,7 @@ public class EmbedConnection implements 
                 // may cause a number of errors to be thrown. Try to make the
                 // shutdown/drop as clean as possible.
                 sleep(500L);
-                Monitor.removePersistentService(dbName);
+                removePersistentService(dbName);
                 // Generate the drop database exception here, as this is the
                 // only place it will be thrown.
                 StandardException se = StandardException.newException(
@@ -1341,8 +1346,8 @@ public class EmbedConnection implements 
         throws SQLException
     {
         try {
-            String  leftCanonical = Monitor.getMonitor().getCanonicalServiceName( leftDBName );
-            String  rightCanonical = Monitor.getMonitor().getCanonicalServiceName( rightDBName );
+            String  leftCanonical = getMonitor().getCanonicalServiceName( leftDBName );
+            String  rightCanonical = getMonitor().getCanonicalServiceName( rightDBName );
 
             if ( leftCanonical == null ) { return false; }
             else { return leftCanonical.equals( rightCanonical ); }
@@ -2638,7 +2643,7 @@ public class EmbedConnection implements 
 		//checkDatabaseCreatePrivileges(user, dbname);
 
 		try {
-			if (Monitor.createPersistentService(Property.DATABASE_MODULE, dbname, info) == null) 
+			if (createPersistentService(Property.DATABASE_MODULE, dbname, info) == null) 
 			{
 				// service already exists, create a warning
 				addWarning(SQLWarningFactory.newSQLWarning(SQLState.DATABASE_EXISTS, dbname));
@@ -2654,7 +2659,7 @@ public class EmbedConnection implements 
 		// and they shouldn't be interested in these JDBC attributes.
 		info.clear();
 
-		return (Database) Monitor.findService(Property.DATABASE_MODULE, dbname);
+		return (Database) findService(Property.DATABASE_MODULE, dbname);
 	}
 
     /**
@@ -2800,7 +2805,7 @@ public class EmbedConnection implements 
 			}
 			
 			// try to start the service if it doesn't already exist
-			if (!Monitor.startPersistentService(dbname, info)) {
+			if (!startPersistentService(dbname, info)) {
 				// a false indicates the monitor cannot handle a service
 				// of the type indicated by the protocol within the name.
 				// If that's the case then we are the wrong driver
@@ -2813,7 +2818,7 @@ public class EmbedConnection implements 
 			// and they shouldn't be interested in these JDBC attributes.
 			info.clear();
 
-			Database database = (Database) Monitor.findService(Property.DATABASE_MODULE, dbname);
+			Database database = (Database) findService(Property.DATABASE_MODULE, dbname);
 			tr.setDatabase(database);
 
 		} catch (StandardException mse) {
@@ -3969,4 +3974,122 @@ public class EmbedConnection implements 
         throw Util.notImplemented();
     }
     
+    /////////////////////////////////////////////////////////////////////////
+    //
+    //  SECURITY
+    //
+    /////////////////////////////////////////////////////////////////////////
+
+    /**
+     * Privileged Monitor lookup. Must be package private so that user code
+     * can't call this entry point.
+     */
+    static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged service lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object findService( final String factoryInterface, final String serviceName )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.findService( factoryInterface, serviceName );
+                 }
+             }
+             );
+    }
+    
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  boolean startPersistentService( final String serviceName, final Properties properties ) 
+        throws StandardException
+    {
+        try {
+            return AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Boolean>()
+                 {
+                     public Boolean run()
+                         throws StandardException
+                     {
+                         return Monitor.startPersistentService( serviceName, properties );
+                     }
+                 }
+                 ).booleanValue();
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
+        }
+    }
+
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object createPersistentService( final String factoryInterface, final String serviceName, final Properties properties ) 
+        throws StandardException
+    {
+        try {
+            return AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object run()
+                         throws StandardException
+                     {
+                         return Monitor.createPersistentService( factoryInterface, serviceName, properties );
+                     }
+                 }
+                 );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
+        }
+    }
+
+    /**
+     * Privileged shutdown. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  void removePersistentService( final String name )
+        throws StandardException
+    {
+        try {
+            AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object run()
+                         throws StandardException
+                     {
+                         Monitor.removePersistentService( name );
+                         return null;
+                     }
+                 }
+                 );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
+        }
+    }
+
 }
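Review bot: `getMonitor()` is package-private and static on `EmbedConnection`, so its `doPrivileged` block hands the `ModuleFactory` to any class that can be loaded into the same package, not only to Derby's own callers such as `EmbedDatabaseMetaData`. Package access is a security boundary only if the package is sealed in the shipped jar, or otherwise cannot be joined by classes from another code source. Nothing in this diff shows that, so the Javadoc should record the assumption, e.g. `Package-private: relies on this package being sealed so that only engine classes can reach the privileged lookup.` The same applies to `BasicDaemon.getMonitor()` and `AuthenticationServiceBase.getServiceModule()` later in this commit. The four private helpers in this hunk do not have this exposure.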

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java Fri Sep 26 17:12:31 2014
@@ -275,7 +275,7 @@ public class EmbedDatabaseMetaData exten
      * @return database product name
      */
 	public String getDatabaseProductName() {
-		return Monitor.getMonitor().getEngineVersion().getProductName();
+		return EmbedConnection.getMonitor().getEngineVersion().getProductName();
 	}
 
     /**
@@ -284,7 +284,7 @@ public class EmbedDatabaseMetaData exten
      * @return database version
      */
 	public String getDatabaseProductVersion() {
-		ProductVersionHolder myPVH = Monitor.getMonitor().getEngineVersion();
+		ProductVersionHolder myPVH = EmbedConnection.getMonitor().getEngineVersion();
 
 		return myPVH.getVersionBuildString(true);
 	}
@@ -3271,7 +3271,7 @@ public class EmbedDatabaseMetaData exten
 	*/
 	public int getDatabaseMajorVersion()
 	{
-		ProductVersionHolder pvh = Monitor.getMonitor().getEngineVersion();
+		ProductVersionHolder pvh = EmbedConnection.getMonitor().getEngineVersion();
 		if (pvh == null)
 		{
 		  return -1;
@@ -3288,7 +3288,7 @@ public class EmbedDatabaseMetaData exten
 	*/
 	public int getDatabaseMinorVersion()
 	{
-		ProductVersionHolder pvh = Monitor.getMonitor().getEngineVersion();
+		ProductVersionHolder pvh = EmbedConnection.getMonitor().getEngineVersion();
 		if (pvh == null)
 		{
 		  return -1;

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java Fri Sep 26 17:12:31 2014
@@ -93,9 +93,9 @@ final class LOBStreamControl {
 
     private void init(byte [] b, long len)
             throws IOException, StandardException {
-        Object monitor = Monitor.findService(
+        Object monitor = findService(
                 Property.DATABASE_MODULE, conn.getDBName());
-        final DataFactory df = (DataFactory) Monitor.findServiceModule(
+        final DataFactory df = (DataFactory) findServiceModule(
                 monitor, DataFactory.MODULE);
         try {
             AccessController.doPrivileged (new PrivilegedExceptionAction<Object>() {
@@ -623,4 +623,47 @@ final class LOBStreamControl {
     long getUpdateCount() {
         return updateCount;
     }
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object findServiceModule( final Object serviceModule, final String factoryInterface)
+        throws StandardException
+    {
+        try {
+            return AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object run()
+                         throws StandardException
+                     {
+                         return Monitor.findServiceModule( serviceModule, factoryInterface );
+                     }
+                 }
+                 );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
+        }
+    }
+
+    /**
+     * Privileged service lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object findService( final String factoryInterface, final String serviceName )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.findService( factoryInterface, serviceName );
+                 }
+             }
+             );
+    }
+    
 }
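Review bot: `findServiceModule()` hands the `PrivilegedActionException` itself to `StandardException.plainWrapException()`, although the only checked exception `run()` can throw is a `StandardException`. `plainWrapException` is not shown in this diff; unless it unwraps the cause, callers that used to receive the monitor's own SQLState would now get a generic wrapper. Rethrowing the cause keeps the previous behaviour: `throw (StandardException) pae.getException();`. The same catch block appears in `EmbedConnection.startPersistentService`, `createPersistentService` and `removePersistentService`, and in `BCJava.startSystemModule`. Separately, the Javadoc here says "Privileged startup" for what is a module lookup.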

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java Fri Sep 26 17:12:31 2014
@@ -190,12 +190,12 @@ public abstract class AuthenticationServ
 			// at boot stage.
 			//
 			store = (AccessFactory)
-				Monitor.getServiceModule(this, AccessFactory.MODULE);
+				getServiceModule(this, AccessFactory.MODULE);
 			// register to be notified upon db properties changes
 			// _only_ if we're on a database context of course :)
 
 			PropertyFactory pf = (PropertyFactory)
-				Monitor.getServiceModule(this, org.apache.derby.iapi.reference.Module.PropertyFactory);
+				getServiceModule(this, org.apache.derby.iapi.reference.Module.PropertyFactory);
 			if (pf != null)
 				pf.addPropertySetNotification(this);
 
@@ -335,7 +335,7 @@ public abstract class AuthenticationServ
     protected   String  getServiceName()
     {
         if ( store == null ) { return null; }
-        else { return Monitor.getServiceName( store ); }
+        else { return getServiceName( store ); }
     }
 
 	public String getDatabaseProperty(String key) {
@@ -827,23 +827,16 @@ public abstract class AuthenticationServ
      */
     private  static  ContextService    getContextService()
     {
-        if ( System.getSecurityManager() == null )
-        {
-            return ContextService.getFactory();
-        }
-        else
-        {
-            return AccessController.doPrivileged
-                (
-                 new PrivilegedAction<ContextService>()
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ContextService>()
+             {
+                 public ContextService run()
                  {
-                     public ContextService run()
-                     {
-                         return ContextService.getFactory();
-                     }
+                     return ContextService.getFactory();
                  }
-                 );
-        }
+             }
+             );
     }
 
     /**
@@ -852,23 +845,52 @@ public abstract class AuthenticationServ
      */
     private  static  Context    getContext( final String contextID )
     {
-        if ( System.getSecurityManager() == null )
-        {
-            return ContextService.getContext( contextID );
-        }
-        else
-        {
-            return AccessController.doPrivileged
-                (
-                 new PrivilegedAction<Context>()
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Context>()
+             {
+                 public Context run()
                  {
-                     public Context run()
-                     {
-                         return ContextService.getContext( contextID );
-                     }
+                     return ContextService.getContext( contextID );
                  }
-                 );
-        }
+             }
+             );
+    }
+
+    /**
+     * Privileged service name lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  String getServiceName( final Object serviceModule )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<String>()
+             {
+                 public String run()
+                 {
+                     return Monitor.getServiceName( serviceModule );
+                 }
+             }
+             );
+    }
+
+    /**
+     * Privileged module lookup. Must be package protected so that user code
+     * can't call this entry point.
+     */
+    static  Object getServiceModule( final Object serviceModule, final String factoryInterface )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.getServiceModule( serviceModule, factoryInterface );
+                 }
+             }
+             );
     }
 
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java Fri Sep 26 17:12:31 2014
@@ -22,8 +22,10 @@
 package org.apache.derby.impl.jdbc.authentication;
 
 import java.util.Properties;
+import java.security.AccessController;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
 import java.sql.Connection;
 import java.sql.SQLException;
 import java.sql.SQLWarning;
@@ -42,6 +44,7 @@ import org.apache.derby.iapi.reference.S
 import org.apache.derby.authentication.UserAuthenticator;
 import org.apache.derby.iapi.error.SQLWarningFactory;
 import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.monitor.ModuleFactory;
 import org.apache.derby.iapi.services.monitor.Monitor;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 import org.apache.derby.shared.common.sanity.SanityManager;
@@ -205,7 +208,7 @@ public final class NativeAuthenticationS
         if ( _credentialsDB != null )
         {
             // make sure that it is a well-formed database name
-            if ( Monitor.getMonitor().getCanonicalServiceName( _credentialsDB ) == null )
+            if ( getMonitor().getCanonicalServiceName( _credentialsDB ) == null )
             {
                 throw StandardException.newException( SQLState.BAD_CREDENTIALS_DB_NAME, _credentialsDB );
             }
@@ -339,7 +342,7 @@ public final class NativeAuthenticationS
     private boolean authenticatingInThisDatabase( String userVisibleDatabaseName )
         throws StandardException
     {
-        return authenticatingInThisService( Monitor.getMonitor().getCanonicalServiceName( userVisibleDatabaseName ) );
+        return authenticatingInThisService( getMonitor().getCanonicalServiceName( userVisibleDatabaseName ) );
     }
 
     /**
@@ -364,7 +367,7 @@ public final class NativeAuthenticationS
     {
         String  canonicalCredentialsDBName = getCanonicalServiceName( _credentialsDB );
 
-        String canonicalDB = Monitor.getMonitor().getCanonicalServiceName( canonicalDatabaseName );
+        String canonicalDB = getMonitor().getCanonicalServiceName( canonicalDatabaseName );
 
         if ( canonicalCredentialsDBName == null ) { return false; }
         else { return canonicalCredentialsDBName.equals( canonicalDatabaseName ); }
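Review bot: `canonicalDB` is assigned from the new `getMonitor()` call but never read in the lines shown; the comparison on the last line uses the `canonicalDatabaseName` parameter instead. Because this result decides whether authentication is handled by the credentials database, the intent should be explicit: either compare against the computed value, `else { return canonicalCredentialsDBName.equals( canonicalDB ); }`, or drop the lookup if the parameter is already canonical, as its name suggests. The method's signature and closing brace are outside this hunk, but both visible branches return, so a later use looks unlikely.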
@@ -381,7 +384,7 @@ public final class NativeAuthenticationS
     private String  getCanonicalServiceName( String rawName )
         throws StandardException
     {
-        return Monitor.getMonitor().getCanonicalServiceName( rawName );
+        return getMonitor().getCanonicalServiceName( rawName );
     }
 
     ///////////////////////////////////////////////////////////////////////////////////
@@ -493,7 +496,7 @@ public final class NativeAuthenticationS
         //
         // we expect to find a data dictionary
         //
-        DataDictionary      dd = (DataDictionary) Monitor.getServiceModule( this, DataDictionary.MODULE );        
+        DataDictionary      dd = (DataDictionary) AuthenticationServiceBase.getServiceModule( this, DataDictionary.MODULE );        
         UserDescriptor      userDescriptor = dd.getUser( userName );
         
         if ( userDescriptor == null )
@@ -566,4 +569,41 @@ public final class NativeAuthenticationS
         return true;
     }
     
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
+    
+    /**
+     * Privileged Monitor lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  String  getServiceName( final Object serviceModule )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<String>()
+             {
+                 public String run()
+                 {
+                     return Monitor.getServiceName( serviceModule );
+                 }
+             }
+             );
+    }
+
 }
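Review bot: The Javadoc on the new `getServiceName( Object )` repeats "Privileged Monitor lookup" from `getMonitor()` above it; `Privileged service name lookup.`, the wording used for the same helper in `AuthenticationServiceBase`, describes it correctly. None of the hunks shown for this file calls `getServiceName( Object )`, so it may be unused. If it is, leave it out rather than keep a spare `doPrivileged` wrapper in the class.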

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/bytecode/BCJava.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/bytecode/BCJava.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/bytecode/BCJava.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/bytecode/BCJava.java Fri Sep 26 17:12:31 2014
@@ -42,6 +42,9 @@ import org.apache.derby.shared.common.sa
 
 import org.apache.derby.iapi.services.classfile.VMDescriptor;
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Properties;
 import java.util.Hashtable;
 
@@ -160,8 +163,7 @@ public class BCJava implements JavaFacto
 	 */
 	public void boot(boolean create, Properties properties) throws StandardException {
 
-		CacheFactory cf =
-			(CacheFactory) Monitor.startSystemModule(org.apache.derby.iapi.reference.Module.CacheFactory);
+        CacheFactory cf = (CacheFactory) startSystemModule( org.apache.derby.iapi.reference.Module.CacheFactory );
 
 		/*
 		** The initial and maximum cache sizes are based on experiments
@@ -319,4 +321,31 @@ public class BCJava implements JavaFacto
 		}
 		return BCExpr.vm_void;
 	}
+
+    
+    /**
+     * Privileged startup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private  static  Object  startSystemModule( final String factoryInterface )
+        throws StandardException
+    {
+        try {
+            return AccessController.doPrivileged
+                (
+                 new PrivilegedExceptionAction<Object>()
+                 {
+                     public Object run()
+                         throws StandardException
+                     {
+                         return Monitor.startSystemModule( factoryInterface );
+                     }
+                 }
+                 );
+        } catch (PrivilegedActionException pae)
+        {
+            throw StandardException.plainWrapException( pae );
+        }
+    }
+
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java Fri Sep 26 17:12:31 2014
@@ -21,6 +21,8 @@
 
 package org.apache.derby.impl.services.cache;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.concurrent.ConcurrentHashMap;
@@ -716,7 +718,7 @@ final class ConcurrentCache implements C
         }
 
         ManagementService managementService =
-                (ManagementService) Monitor.getSystemModule(Module.JMX);
+                (ManagementService) getSystemModule(Module.JMX);
 
         if (managementService != null) {
             mbean = managementService.registerMBean(
@@ -731,7 +733,7 @@ final class ConcurrentCache implements C
     public void deregisterMBean() {
         if (mbean != null) {
             ManagementService managementService =
-                (ManagementService) Monitor.getSystemModule(Module.JMX);
+                (ManagementService) getSystemModule(Module.JMX);
             if (managementService != null) {
                 managementService.unregisterMBean(mbean);
             }
@@ -799,4 +801,23 @@ final class ConcurrentCache implements C
     long getUsedEntries() {
         return cache.size();
     }
+    
+    /**
+     * Privileged module lookup. Must be private so that user code
+     * can't call this entry point.
+     */
+    private static  Object getSystemModule( final String factoryInterface )
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<Object>()
+             {
+                 public Object run()
+                 {
+                     return Monitor.getSystemModule( factoryInterface );
+                 }
+             }
+             );
+    }
+
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java Fri Sep 26 17:12:31 2014
@@ -728,7 +728,7 @@ public class BasicDaemon implements Daem
 		}
 		else
 		{
-			ModuleFactory mf = Monitor.getMonitor();
+			ModuleFactory mf = getMonitor();
             setThreadPriority(mf, Thread.MIN_PRIORITY);
 			Thread.yield();
             setThreadPriority(mf, oldPriority);
@@ -752,4 +752,23 @@ public class BasicDaemon implements Daem
             });
         }
     }
+    
+    /**
+     * Privileged Monitor lookup. Must be package private so that user code
+     * can't call this entry point.
+     */
+    static  ModuleFactory  getMonitor()
+    {
+        return AccessController.doPrivileged
+            (
+             new PrivilegedAction<ModuleFactory>()
+             {
+                 public ModuleFactory run()
+                 {
+                     return Monitor.getMonitor();
+                 }
+             }
+             );
+    }
+
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java Fri Sep 26 17:12:31 2014
@@ -282,7 +282,7 @@ public class IndexStatisticsDaemonImpl
                 if (runningThread == null) {
                     //DERBY-5582. Make sure the thread is in the derby group
                     // to avoid potential security manager issues
-                    runningThread = Monitor.getMonitor().getDaemonThread(this, "index-stat-thread", false);
+                    runningThread = BasicDaemon.getMonitor().getDaemonThread(this, "index-stat-thread", false);
                     runningThread.start();
                 }
             }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java?rev=1627831&r1=1627830&r2=1627831&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java Fri Sep 26 17:12:31 2014
@@ -49,7 +49,7 @@ public class SingleThreadDaemonFactory i
 	{
 		BasicDaemon daemon = new BasicDaemon(contextService);
 
-		final Thread daemonThread = Monitor.getMonitor().getDaemonThread(daemon, name, false);
+		final Thread daemonThread = BasicDaemon.getMonitor().getDaemonThread(daemon, name, false);
 		// DERBY-3745.  setContextClassLoader for thread to null to avoid
 		// leaking class loaders.
 		try {


