db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5631) Extend SecurityManagerSetup to add extra privileges to the set of default privileges (merge two policy files)
Date Wed, 07 Mar 2012 07:33:57 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Kristian Waagan updated DERBY-5631:

    Attachment: derby-5631-1f-merge_policy_files_fix-priv.diff

Attaching patch 1f, which adds a missing privileged block in mergePolicies.

Changes in order of importance:
 o added doPrivileged-block when converting from File to URI to URL to String
 o replaced code block with utility method in setSecurityPolicy
 o imported some security classes and removed package prefix (i.e. new java.security.PrivilegedAction
to new PrivilegedAction)
 o added a missing word to a @throws tag

suites.All passed on both Solaris 11 and Linux with this patch (and the new ProtocolTest enabled).
Patch ready for review.
> Extend SecurityManagerSetup to add extra privileges to the set of default privileges
(merge two policy files)
> -------------------------------------------------------------------------------------------------------------
>                 Key: DERBY-5631
>                 URL: https://issues.apache.org/jira/browse/DERBY-5631
>             Project: Derby
>          Issue Type: Improvement
>          Components: Test
>    Affects Versions:
>            Reporter: Kristian Waagan
>            Assignee: Kristian Waagan
>             Fix For:
>         Attachments: derby-5631-1a-merge_policy_files.diff, derby-5631-1b-merge_policy_files.diff,
derby-5631-1c-merge_policy_files.diff, derby-5631-1d-merge_policy_files-fix.diff, derby-5631-1e-merge_policy_files-fix-url.diff,
derby-5631-1f-merge_policy_files_fix-priv.diff, derby-5631-2a-introduce_NO_POLICY_constant.diff
> When moving ProtocolTest into suites all (see DERBY-2031), I needed to allow the test
code to create a socket. There was already a policy file for the old harness for doing this,
but when using this with the JUnit framework I ended up adding privilege after privilege to
get the framework itself running.
> Instead of creating a large policy file duplicating all the privileges that the framework
requires to function properly, I think it would be better to make the SecurityManagerSetup
capable of merging the test specific policy file with the default policy file.
> This mode of operation can be used when you need a few extra privileges to execute the
test, but there are probably also tests where you want full control of the privileges - in
which case you use the existing mode of operation.
> I'm not 100% sure this approach will always work, but basic testing has shown promising

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message