db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Reopened: (DERBY-1540) JDBC 4 EoD with default QueryObjectGenerator fails with SecurityManager
Date Tue, 15 May 2007 21:15:16 GMT

     [ https://issues.apache.org/jira/browse/DERBY-1540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas reopened DERBY-1540:

> JDBC 4 EoD with default QueryObjectGenerator  fails with SecurityManager
> ------------------------------------------------------------------------
>                 Key: DERBY-1540
>                 URL: https://issues.apache.org/jira/browse/DERBY-1540
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC
>    Affects Versions:
>            Reporter: Daniel John Debrunner
>         Assigned To: Rick Hillegas
>             Fix For:
>         Attachments: derby-1540_v01.diff
> The test jdbc4/TestQueryObject runs without the security manager because the default
QueryObjectGenerator uses reflection.
> See  trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/TestQueryObject_app.properties
> Seems like a bug, but not sure of its cause or solution: Could be one (or none) of:
> - Make changes in Derby code, e.g. add privilege blocks but don't see how this will solve
anything as it's not Derby code that's calling the reflection and I don't see any javadoc
comments in JDBC 4.0 about methods throwing SecurityExceptions.
> - document the privileges required to use the EoD features, though not sure how we would
document the ability to grant a privilege to system (JDK) code. Are these privileges documented
in the JDBC spec?
> - a bug in the Mustang beta, default query object not being treated as system code, no
priv blocks in it?
> - a limitation of the default  QueryObjectGenerator , cannot use with a security manager?
> - a Derby test problem?
> This is more of a tracking issue, with a dump of my thoughts.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message