db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John H. Embretsen (JIRA)" <j...@apache.org>
Subject [jira] Created: (DERBY-3614) Granted SystemPermissions are ignored when granted later with same target and different action
Date Fri, 11 Apr 2008 14:48:05 GMT
Granted SystemPermissions are ignored when granted later with same target and different action

                 Key: DERBY-3614
                 URL: https://issues.apache.org/jira/browse/DERBY-3614
             Project: Derby
          Issue Type: Bug
          Components: Security
    Affects Versions:
         Environment: Security Manager installed, custom policy file
            Reporter: John H. Embretsen
            Priority: Minor

org.apache.derby.security.SystemPermission represents access to system-wide Derby privileges,
such as privileges relating to JMX management and monitoring. A system permission is identified
by a name (aka. "target") and optionally an action associated with that name. SystemPermission
extends java.security.BasicPermission. See also DERBY-3491.

If a SystemPermission is granted for the same target (name) more than once in a set of policy
files loaded by the security manager, the last entry seems to overwrite any previous entries,
potentially causing SecurityExceptions. Details follow.

The currently accepted targets are: engine, server, jmx
The currently accepted actions are: monitor, control, shutdown

If a policy file specifies e.g.

  grant {
      permission org.apache.derby.security.SystemPermission "server", "monitor";
      permission org.apache.derby.security.SystemPermission "server", "control";

then the first ("server", "monitor") permission is ignored when the permission checks are
actually performed by the security manager. 

No documentation currently specifies the behavior of SystemPermission in such cases. It seems
that the most common and least error-prone way of handling this is to accept each permission
grant entry unless there is a conflict between the entries (in which case the result should
be well defined and documented).

Current behavior seems unintuitive and is contrary to the behavior of similar permissions
available in the Java platform, e.g. java.util.PropertyPermission which also extends java.security.BasicPermission.
For example, the following grants both "read" and "write" permissions to all Principals and

  grant {
      permission java.util.PropertyPermission "my.sysprop", "write";
      permission java.util.PropertyPermission "my.sysprop", "read";

A workaround is to make sure that the same permission/target is not specified more than once
within a set of policy files. If more than one action needs to be granted for the same target,
the following syntax will work:

  grant {
      permission org.apache.derby.security.SystemPermission "server", "monitor,control";

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message