db-derby-dev mailing list archives

From "Mamta Satoor" <msat...@gmail.com>
Subject Re: Security policy file and 2 new properties
Date Fri, 19 Jan 2007 22:46:42 GMT
I just wanted to share that I was able to fix the problem. The problem was
that I was not reading the system properties inside a privileged block.

I have found an existing method getSystemProperty in
org.apache.derby.iapi.services.property.PropertyUtil which does the job of
reading a system wide property inside a privileged block. The method has the
comment that this method can be used by a system that is not running
Cloudscape (I will change the Cloudscape reference to Derby in my patch) and
hence I think it should be safe for me to call this method from the client
driver even though the PropertyUtil class is in engine code. I will also
bring up this issue of calling a method across the engine/client codeline in my
patch for DERBY-1275 once I have a test ready to test the system properties.

Mamta

On 1/19/07, Mamta Satoor <msatoor@gmail.com> wrote:
>
> Hi,
>
> I am new to the world of security managers and security policy files. For
> DERBY-1275 (DERBY-1275 Provide a way to enable client tracing without
> changing the application), I am adding 2 new system properties, namely
> derby.client.traceDirectory and derby.client.traceLevel. These 2
> properties are read by the client driver (
> org.apache.derby.jdbc.ClientBaseDataSource).
>
> When I run (using the classes folder) the JUnit test suite
> org.apache.derbyTesting.functionTests.suites.All, I get
> AccessControlException: access denied (java.util.PropertyPermission
> derby.client.traceLevel read). I am assuming that the JUnit tests are
> using the policy file derby_tests.policy located in
> derbyTesting.functionTests.util.derby_tests.policy. That policy file has
> the following granted when running through the classes folder (I have
> copied a subset of the granted permissions for codeBase):
> grant codeBase "${derbyTesting.codeclasses}" {
>   // Access all properties using System.getProperties
>   permission java.util.PropertyPermission "*", "read, write";
>   permission java.util.PropertyPermission "derby.*", "read";
>   ......
>
> As can be seen from above, permission to read all properties starting with
> derby. has already been granted. But for some reason, this doesn't get
> picked up when I run my junit tests. In order for the tests to succeed, for
> now, I had to grant the following blanket property permission reads in the
> policy file.
> grant {
>     permission java.util.PropertyPermission "derby.client.traceLevel", "read";
>     permission java.util.PropertyPermission "derby.client.traceDirectory", "read";
> };
>
> My question is why are the 2 new properties not covered by the existing
> property permissions granted at the classes folder level? Also, where does
> variable derbyTesting.codeclasses get set? Do I need to set that manually
> before firing the junit tests?
>
> Any help will be greatly appreciated. Thanks,
> Mamta
>
>
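
The fix described in the reply at the top of this message, reading the two properties inside a privileged block, sketched as an added example (it is not Derby's PropertyUtil and not part of the original thread). The class name PrivilegedProps, the key allow-list, and parsing the trace level as a decimal integer are assumptions.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical helper (assumption), not Derby's PropertyUtil. */
public final class PrivilegedProps {
    // Only these keys may be read with elevated privilege. A wrapper that
    // accepted any key would let every caller read whatever properties
    // this code base has been granted.
    private static final Set<String> ALLOWED = new HashSet<String>(Arrays.asList(
            "derby.client.traceLevel", "derby.client.traceDirectory"));

    private PrivilegedProps() {}

    /**
     * doPrivileged stops the permission check at this frame, so only this
     * class's protection domain needs PropertyPermission(key, "read");
     * callers further up the stack do not.
     * Note: AccessController is deprecated for removal since Java 17.
     */
    static String getSystemProperty(final String key, final String def) {
        if (!ALLOWED.contains(key)) {
            throw new IllegalArgumentException("not an allowed key: " + key);
        }
        try {
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() { return System.getProperty(key, def); }
            });
        } catch (SecurityException se) {
            return def; // this code base itself lacks the permission
        }
    }

    /** The value comes from outside the driver, so validate before use. */
    static int traceLevel(int def) {
        String raw = getSystemProperty("derby.client.traceLevel", null);
        if (raw == null) return def;
        try { return Integer.parseInt(raw.trim()); }
        catch (NumberFormatException e) { return def; }
    }

    public static void main(String[] args) {
        System.setProperty("derby.client.traceLevel", "64"); // constructed value
        System.out.println(traceLevel(0));
        System.out.println(getSystemProperty("derby.client.traceDirectory", "(unset)"));
    }
}
```

With this pattern the policy file only needs to grant the property reads to the code base that contains the helper, rather than in a blanket `grant { ... }` block that applies to all code.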
