db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kristian Waagan <Kristian.Waa...@Sun.COM>
Subject Security manager problems with Class.forName()
Date Thu, 02 Mar 2006 18:05:50 GMT
Hello,

I have run into a problem when running a JDBC4 JUnit test. The test is 
compiled with Mustang (Java 1.6), and all you need in the test for the 
problem to arise is a 
'Class.forName("org.apache.derby.jdbc.EmbeddedDriver")'.

When the above codeline is executed, a 
java.lang.ExceptionInInitializerError is raised with the following cause:
Caused by: java.security.AccessControlException: access denied 
(java.util.PropertyPermission derby.debug.false read)
         at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:321)
         at 
java.security.AccessController.checkPermission(AccessController.java:546)
         at 
java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
         at 
java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
         at java.lang.System.getProperty(System.java:652)
         at 
org.apache.derby.impl.services.monitor.BaseMonitor.runWithState(Unknown 
Source)         at 
org.apache.derby.impl.services.monitor.FileMonitor.<init>(Unknown 
Source)         at 
org.apache.derby.iapi.services.monitor.Monitor.startMonitor(Unknown 
Source)         at org.apache.derby.iapi.jdbc.JDBCBoot.boot(Unknown 
Source)         at org.apache.derby.jdbc.EmbeddedDriver.boot(Unknown 
Source)         at org.apache.derby.jdbc.EmbeddedDriver.<clinit>(Unknown 
Source)         ... 18 more



The code causing the error is only reachable in sane builds, and is 
located in 'impl.services.monitor.BaseMonitor.runWithState()':
if (SanityManager.DEBUG) {
	// Look for the derby.debug.* properties.
	if (applicationProperties != null) {
		// MODIFIED [snip]
	}

	// MODIFIED - The error happens here!
	addDebugFlags(System.getProperty(Monitor.DEBUG_FALSE), false);
	addDebugFlags(System.getProperty(Monitor.DEBUG_TRUE), true);	}


There are at least two workarounds; grant more permissions in the 
derby_test.policy file (without a codebase argument), or use a 
doPrivileged-block around the Class.forName() call.

However, the two options above do not seem right to me.
Can we move the doPrivileged-block down into the BaseMonitor class?
There is also a Properties variable in BaseMonitor named 
systemProperties, but glancing at the code tells me it might be null 
(haven't checked the consequences of that).


Can anyone advice on this?




--
Kristian

Mime
View raw message