db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-2556) Code paths for db restore do not use doPrivileged-calls, causing SecurityException
Date Fri, 11 May 2007 13:35:15 GMT

     [ https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kristian Waagan updated DERBY-2556:
-----------------------------------

    Attachment: derby-2556-3a_alternative-patch.stat
                derby-2556-3a_alternative-patch.diff

The test failed for me when I ran it individually, but I don't think I saw the previous errors
when I ran it outside suites.All. Maybe I'll look at it later.

I made an alternative patch, which seems to fix the problem that caused 9 failures. It is
only half-baked, and the previous patch for this issue is also required. A final patch will
have to be made anyway, in one or the other direction... (can be done in two steps though)

The patch 'derby-2556-3a_alternative-patch.diff' adds a utility class for running file operations
in a privileged block. It is kept very simple, which does duplicate some code, but reduces
complexity.
Any comments on this issue?

As far as I can tell, there are more places where the "machinery"  to run in a privileged
block can be simplified by reuse. I will create a separate Jira for this if the approach is
acceptable.

To finish this patch, the added privExists method must be removed, and the appropriate calls
to PrivilegedFileOps must be inserted. If you test the patch, don't forget to apply the patch
for DERBY-2555 as well!

> Code paths for db restore do not use doPrivileged-calls, causing SecurityException
> ----------------------------------------------------------------------------------
>
>                 Key: DERBY-2556
>                 URL: https://issues.apache.org/jira/browse/DERBY-2556
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.2.2.0, 10.3.0.0
>         Environment: Derby running with a security manager.
>            Reporter: Kristian Waagan
>         Assigned To: Kathey Marsden
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2556-2a_whitespace-javadoc.diff, derby-2556-3a_alternative-patch.diff,
derby-2556-3a_alternative-patch.stat, derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a database from a
backup image, a SecurityException is thrown even though the policyfile for codebase derby.jar
is correctly configured (giving Derby access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments): https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the "application-level
code", or granting the required permissions to the application codebase as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message