Return-Path: X-Original-To: apmail-db-derby-dev-archive@www.apache.org Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A86DF113C0 for ; Fri, 4 Jul 2014 08:33:34 +0000 (UTC) Received: (qmail 46390 invoked by uid 500); 4 Jul 2014 08:33:34 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 46344 invoked by uid 500); 4 Jul 2014 08:33:34 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 46221 invoked by uid 99); 4 Jul 2014 08:33:34 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jul 2014 08:33:34 +0000 Date: Fri, 4 Jul 2014 08:33:34 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: derby-dev@db.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (DERBY-6626) Check type of user-supplied modules before creating instances MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/DERBY-6626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14052257#comment-14052257 ] ASF subversion and git services commented on DERBY-6626: -------------------------------------------------------- Commit 1607795 from [~knutanders] in branch 'code/trunk' [ https://svn.apache.org/r1607795 ] DERBY-6626: Check type of user-supplied modules before creating instances Make SequenceUpdater verify that the class specified by the derby.language.sequence.preallocator property is a SequencePreallocator before attempting to create an instance of it. Make dblook and ij verify that user-specified JDBC driver class names and DataSource class names implement the correct interfaces before attempting to create and use them. > Check type of user-supplied modules before creating instances > ------------------------------------------------------------- > > Key: DERBY-6626 > URL: https://issues.apache.org/jira/browse/DERBY-6626 > Project: Derby > Issue Type: Improvement > Components: Miscellaneous > Affects Versions: 10.11.0.0 > Reporter: Knut Anders Hatlen > Attachments: d6626-1a-encryptionProvider.diff, d6626-2a.diff > > > Derby allows users to specify names of classes to use for various pluggable modules. > In some cases, it verifies that the class implements the expected interface before it creates an instance of the class. For example in SpecificAuthenticactionServiceImpl: > {code} > Class sasClass = Class.forName(specificAuthenticationScheme); > if (!UserAuthenticator.class.isAssignableFrom(sasClass)) { > throw StandardException.newException(SQLState.AUTHENTICATION_NOT_IMPLEMENTED, > specificAuthenticationScheme, "org.apache.derby.authentication.UserAuthenticator"); > } > UserAuthenticator aScheme = (UserAuthenticator) sasClass.newInstance(); > {code} > In other cases, it creates an instance without checking, and instead fails with a ClassCastException or some other exception when trying to use the instance of the incorrect type. Examples: Java5SystemProcedures SYSCS_REGISTER_TOOL(), JCECipherFactory, SequenceUpdater.makePreallocator(). > I think it would be good to have similar checks in these other cases too. That'll give clearer error messages which explain what the problem is, and it will be safer because it limits which constructors the users can force the Derby engine to invoke. -- This message was sent by Atlassian JIRA (v6.2#6252)