db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-2466) Allow dynamic reloading of the security policy file
Date Fri, 23 Mar 2007 17:39:32 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-2466:
---------------------------------

    Attachment: derby-2466-01.diff

Attaching patch for this feature. This patch adds a system procedure for reloading the security
policy file. This patch also adds a regression test which verifies that only the DBA can reload
the policy file and only if the getPolicy() permission has been granted by the already-loaded
policy.

This patch touches the following files:

M      java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
M      java/engine/org/apache/derby/impl/jdbc/Util.java
M      java/engine/org/apache/derby/catalog/SystemProcedures.java

  Wire the new procedure into our SQL machinery.

M      java/engine/org/apache/derby/loc/messages.xml
M      java/shared/org/apache/derby/shared/common/reference/SQLState.java

   Add a new error message, provoked when the procedure is called but getPolicy() wasn't granted.

M      java/drda/org/apache/derby/drda/server.policy

   Add getPolicy() privilege to the Basic policy file loaded by the secure server.

A      java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
A      java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
A      java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java
M      java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
A      java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy

   Wire the new unit test into our JUnit machinery.

M      java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy

   Add getPolicy() permission to the default testing policy.

M      java/testing/org/apache/derbyTesting/junit/BaseTestCase.java
M      java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java

   Make it possible for the decorators to unload the security manager and load a new one with
a different policy file.

M      java/testing/org/apache/derbyTesting/junit/TestConfiguration.java

   Replace some magic strings with a constant and make the DBO;s name public. Also add a privilege
execution block around a case exposed by the new test.

M      java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java

   Replace some magic strings with constants and make them public.




> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
>                 Key: DERBY-2466
>                 URL: https://issues.apache.org/jira/browse/DERBY-2466
>             Project: Derby
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Rick Hillegas
>         Assigned To: Rick Hillegas
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be dynamically
reloaded while a server is running: We add a getPolicy permission to the Basic policy and
we add a DBA-owned system procedure, SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads
the policy file. This JIRA tracks that work.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message