db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3614) Granted SystemPermissions are ignored when granted later with same target and different action
Date Tue, 30 Jun 2009 13:38:47 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-3614:
---------------------------------

    Component/s: Miscellaneous

> Granted SystemPermissions are ignored when granted later with same target and different
action
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3614
>                 URL: https://issues.apache.org/jira/browse/DERBY-3614
>             Project: Derby
>          Issue Type: Bug
>          Components: Miscellaneous
>    Affects Versions: 10.4.1.3
>         Environment: Security Manager installed, custom policy file
>            Reporter: John H. Embretsen
>            Priority: Minor
>
> org.apache.derby.security.SystemPermission represents access to system-wide Derby privileges,
such as privileges relating to JMX management and monitoring. A system permission is identified
by a name (aka. "target") and optionally an action associated with that name. SystemPermission
extends java.security.BasicPermission. See also DERBY-3491.
> If a SystemPermission is granted for the same target (name) more than once in a set of
policy files loaded by the security manager, the last entry seems to overwrite any previous
entries, potentially causing SecurityExceptions. Details follow.
> The currently accepted targets are: engine, server, jmx
> The currently accepted actions are: monitor, control, shutdown
> If a policy file specifies e.g.
>   grant {
>       permission org.apache.derby.security.SystemPermission "server", "monitor";
>       permission org.apache.derby.security.SystemPermission "server", "control";
>   }
> then the first ("server", "monitor") permission is ignored when the permission checks
are actually performed by the security manager. 
> No documentation currently specifies the behavior of SystemPermission in such cases.
It seems that the most common and least error-prone way of handling this is to accept each
permission grant entry unless there is a conflict between the entries (in which case the result
should be well defined and documented).
> Current behavior seems unintuitive and is contrary to the behavior of similar permissions
available in the Java platform, e.g. java.util.PropertyPermission which also extends java.security.BasicPermission.
For example, the following grants both "read" and "write" permissions to all Principals and
codebases:
>   grant {
>       permission java.util.PropertyPermission "my.sysprop", "write";
>       permission java.util.PropertyPermission "my.sysprop", "read";
>   }
> A workaround is to make sure that the same permission/target is not specified more than
once within a set of policy files. If more than one action needs to be granted for the same
target, the following syntax will work:
>   grant {
>       permission org.apache.derby.security.SystemPermission "server", "monitor,control";
>   }

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message