db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5631) Extend SecurityManagerSetup to add extra privileges to the set of default privileges (merge two policy files)
Date Wed, 07 Mar 2012 14:00:58 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5631?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224345#comment-13224345
] 

Rick Hillegas commented on DERBY-5631:
--------------------------------------

Thanks for the patch, Kristian. These changes look like good defensive logic to me. +1
                
> Extend SecurityManagerSetup to add extra privileges to the set of default privileges
(merge two policy files)
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5631
>                 URL: https://issues.apache.org/jira/browse/DERBY-5631
>             Project: Derby
>          Issue Type: Improvement
>          Components: Test
>    Affects Versions: 10.9.0.0
>            Reporter: Kristian Waagan
>            Assignee: Kristian Waagan
>             Fix For: 10.9.0.0
>
>         Attachments: derby-5631-1a-merge_policy_files.diff, derby-5631-1b-merge_policy_files.diff,
derby-5631-1c-merge_policy_files.diff, derby-5631-1d-merge_policy_files-fix.diff, derby-5631-1e-merge_policy_files-fix-url.diff,
derby-5631-1f-merge_policy_files_fix-priv.diff, derby-5631-2a-introduce_NO_POLICY_constant.diff
>
>
> When moving ProtocolTest into suites all (see DERBY-2031), I needed to allow the test
code to create a socket. There was already a policy file for the old harness for doing this,
but when using this with the JUnit framework I ended up adding privilege after privilege to
get the framework itself running.
> Instead of creating a large policy file duplicating all the privileges that the framework
requires to function properly, I think it would be better to make the SecurityManagerSetup
capable of merging the test specific policy file with the default policy file.
> This mode of operation can be used when you need a few extra privileges to execute the
test, but there are probably also tests where you want full control of the privileges - in
which case you use the existing mode of operation.
> I'm not 100% sure this approach will always work, but basic testing has shown promising
results.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message