db-derby-dev mailing list archives

From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-3476) Permissions and Principal objects added by this feature need to be final and have serialization identifiers
Date Tue, 08 Jul 2014 14:19:05 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Knut Anders Hatlen updated DERBY-3476:
--------------------------------------

    Attachment: d3476-2a-database-permission.diff

[^d3476-2a-database-permission.diff] improves the serialization logic of the DatabasePermission
class. It changes the stored format of DatabasePermission. This doesn't cause any compatibility
issues, though, since the code paths that use DatabasePermission haven't been enabled yet.

The patch makes the following changes:

- The pathType field is made transient. It is recomputed on deserialization (also with the
existing logic), so storing it is redundant.

- The url field is removed from the class. This field holds exactly the same string as the
name field of the parent class (Permission), so it's redundant. Also, the existing deserialization
logic only checks the validity of the url field. The name field is not checked. So it is possible
that a DatabasePermission object is inconsistent (has an invalid name) if it's read from a
corrupted stream.

- The Permission.name field is validated on deserialization.

- A new field "actions" is added, which holds the value received in the actions parameter
of the constructor. This isn't strictly necessary currently, since the constructor only accepts
actions="create", so we always know its value. Adding the field allows us to accept more values
later without changing the stored format, so it might avoid compatibility issues in the future.
The new field is validated on deserialization the same way as on construction.

- The logic to parse the actions string is refactored so that SystemPermission and DatabasePermission
can share the code.

I noticed that the handling of the actions string isn't exactly the same in SystemPermission
and DatabasePermission. SystemPermission ignores empty and invalid actions, whereas DatabasePermission
raises an IllegalArgumentException if the constructor gets an empty actions string or one
that contains an invalid action. The patch preserves this difference in the deserialization
logic.

All regression tests ran cleanly with the patch.

> Permissions and Principal objects added by this feature need to be final and have serialization identifiers
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3476
>                 URL: https://issues.apache.org/jira/browse/DERBY-3476
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Services
>            Reporter: Daniel John Debrunner
>         Attachments: d3476-1a-system-permission.diff, d3476-2a-database-permission.diff
>
>
> Need serialization id to ensure the class is portable across releases.
> Need final to provide security.
> (assumes patch10 is committed from DERBY-2109)



--
This message was sent by Atlassian JIRA
(v6.2#6252)
