You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2007/03/26 15:56:14 UTC
svn commit: r522515 - in /db/derby/code/trunk/java:
drda/org/apache/derby/drda/ engine/org/apache/derby/catalog/
engine/org/apache/derby/impl/jdbc/
engine/org/apache/derby/impl/sql/catalog/ engine/org/apache/derby/loc/
shared/org/apache/derby/shared/co...
Author: rhillegas
Date: Mon Mar 26 06:56:07 2007
New Revision: 522515
URL: http://svn.apache.org/viewvc?view=rev&rev=522515
Log:
DERBY-2466: Introduce system procedure which reloads the security policy file.
Added:
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy (with props)
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java (with props)
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy (with props)
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy (with props)
Modified:
db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/Util.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestCase.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Mon Mar 26 06:56:07 2007
@@ -9,6 +9,12 @@
permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
//
+// This permission lets a DBA reload this policy file while the server
+// is still running.
+//
+ permission java.security.SecurityPermission "getPolicy";
+
+//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java Mon Mar 26 06:56:07 2007
@@ -21,6 +21,10 @@
package org.apache.derby.catalog;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+import java.security.Policy;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.PreparedStatement;
@@ -73,6 +77,20 @@
*/
public static String SQLERRMC_MESSAGE_DELIMITER = new String(new char[] {(char)20,(char)20,(char)20});
+ public static class ReloadPolicyAction implements PrivilegedExceptionAction
+ {
+ public ReloadPolicyAction() {}
+
+ public Object run()
+ throws Exception
+ {
+ Policy policy = Policy.getPolicy();
+
+ policy.refresh();
+
+ return null;
+ }
+ }
/**
Method used by Derby Network Server to get localized message (original call
from jcc.
@@ -1416,6 +1434,27 @@
ps.close();
}
+ /**
+ * Reload the policy file.
+ * <p>
+ * System procedure called thusly:
+ *
+ * SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY()
+ **/
+ public static void SYSCS_RELOAD_SECURITY_POLICY()
+ throws SQLException
+ {
+ ReloadPolicyAction reloadPolicyAction = new ReloadPolicyAction();
+
+ try {
+ AccessController.doPrivileged( reloadPolicyAction );
+ }
+ catch (Exception e)
+ {
+ throw Util.policyNotReloaded( e );
+ }
+ }
+
/**
* Method to return the constant PI.
* SYSFUN.PI().
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/Util.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/Util.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/Util.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/Util.java Mon Mar 26 06:56:07 2007
@@ -220,6 +220,11 @@
}
+ public static SQLException policyNotReloaded( Throwable t ) {
+ return newEmbedSQLException(SQLState.POLICY_NOT_RELOADED, new Object[] { t.getMessage() },
+ StandardException.getSeverityFromIdentifier(SQLState.POLICY_NOT_RELOADED), t);
+ }
+
public static SQLException notImplemented() {
return notImplemented( MessageService.getTextMessage(MessageId.CONN_NO_DETAILS) );
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java Mon Mar 26 06:56:07 2007
@@ -10627,6 +10627,23 @@
(TypeDescriptor) null,
tc);
}
+
+
+ // void SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY()
+ {
+ createSystemProcedureOrFunction(
+ "SYSCS_RELOAD_SECURITY_POLICY",
+ sysUtilUUID,
+ null,
+ null,
+ 0,
+ 0,
+ RoutineAliasInfo.NO_SQL,
+ (TypeDescriptor) null,
+ tc);
+ }
+
+
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/loc/messages.xml Mon Mar 26 06:56:07 2007
@@ -4456,7 +4456,19 @@
</family>
+ <family>
+ <title>Class XK: Security Exceptions</title>
+ <msg>
+ <name>XK000.S</name>
+ <text>The security policy could not be reloaded: {0}</text>
+ <arg>reason</arg>
+ </msg>
+
+ </family>
+
+
+
<family>
<title>Class XN: Network Client Exceptions</title>
Modified: db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java (original)
+++ db/derby/code/trunk/java/shared/org/apache/derby/shared/common/reference/SQLState.java Mon Mar 26 06:56:07 2007
@@ -137,6 +137,11 @@
<LI> XSCH0 Heap
</UL>
+ <LI>Security
+ <UL>
+ <LI> XK...
+ </UL>
+
<LI>Reserved for IBM Use: XQC00 - XQCZZ
</UL>
*/
@@ -1621,7 +1626,7 @@
String NO_UPGRADE = "XJ050.U";
/*
- ** Messages whose SQL states are proscribed by DRDA
+ ** Messages whose SQL states are prescribed by DRDA
*/
String DRDA_NO_AUTOCOMMIT_UNDER_XA = "2D521.S.1";
String DRDA_INVALID_XA_STATE_ON_COMMIT_OR_ROLLBACK = "2D521.S.2";
@@ -1702,5 +1707,11 @@
String PERIOD_AS_CHAR_DELIMITER_NOT_ALLOWED ="XIE0K.S";
String TABLE_NOT_FOUND ="XIE0M.S";
String IMPORTFILE_HAS_INVALID_HEXSTRING ="XIE0N.S";
+
+
+ /*
+ ** Security XK...
+ */
+ String POLICY_NOT_RELOADED ="XK000.S";
}
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy?view=auto&rev=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy Mon Mar 26 06:56:07 2007
@@ -0,0 +1,51 @@
+grant codeBase "${derbyTesting.codejar}derby.jar"
+{
+//
+// These permissions are needed for everyday, embedded Derby usage.
+//
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.util.PropertyPermission "derby.*", "read";
+ permission java.io.FilePermission "${derby.system.home}","read";
+ permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+
+//
+// This permission lets a DBA reload this policy file while the server
+// is still running.
+//
+ permission java.security.SecurityPermission "getPolicy";
+
+//
+// This permission lets you backup and restore databases
+// to and from arbitrary locations in your file system.
+//
+// This permission also lets you import/export data to and from
+// arbitrary locations in your file system.
+//
+// You may want to restrict this access to specific directories.
+//
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "${derbyTesting.codejar}derbynet.jar"
+{
+//
+// This permission lets the Network Server manage connections from clients.
+//
+ permission java.net.SocketPermission "${derbyTesting.serverhost}:*", "accept, connect, resolve";
+ permission java.net.SocketPermission "localhost:*", "accept, connect, resolve";
+};
+
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar"
+{
+ // Read all properties
+ permission java.util.PropertyPermission "*", "read,write";
+
+ // Access all files
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+
+ // When running with useprocess=false need to install and uninstall
+ // the security manager and allow setIO to change the system err and out
+ // streams. Currently the nist suite runs with useprocess=false.
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.lang.RuntimePermission "setIO";
+};
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
------------------------------------------------------------------------------
svn:eol-style = native
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java?view=auto&rev=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java Mon Mar 26 06:56:07 2007
@@ -0,0 +1,399 @@
+/**
+ * Derby - Class org.apache.derbyTesting.functionTests.tests.lang.SecurityPolicyReloadingTest
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.derbyTesting.functionTests.tests.lang;
+
+import java.io.File;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
+import java.sql.Connection;
+import java.sql.CallableStatement;
+import java.sql.SQLException;
+
+import junit.framework.Test;
+import junit.extensions.TestSetup;
+import junit.framework.TestSuite;
+
+import org.apache.derbyTesting.junit.BaseJDBCTestCase;
+import org.apache.derbyTesting.junit.JDBC;
+import org.apache.derbyTesting.junit.SecurityManagerSetup;
+import org.apache.derbyTesting.junit.SupportFilesSetup;
+import org.apache.derbyTesting.junit.SystemPropertyTestSetup;
+import org.apache.derbyTesting.junit.TestConfiguration;
+
+/**
+ * Test the dynamic reloading of the security policy file while the
+ * engine is still running.
+ */
+public class SecurityPolicyReloadingTest extends BaseJDBCTestCase {
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // CONSTANTS
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ private static final String RELOADABLE_INITIAL_SOURCE_POLICY = "functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy";
+ private static final String RELOADABLE_MODIFIED_SOURCE_POLICY = "functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy";
+ private static final String UNRELOADABLE_SOURCE_POLICY = "functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy";
+ private static final String TARGET_POLICY = "server.policy";
+
+ private static final String NON_DBO_USER = "NON_DBO_USER";
+ private static final String PASSWORD_TOKEN = "PASSWORD_TOKEN";
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // INNER CLASSES
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ public static class PropReadingAction implements PrivilegedExceptionAction
+ {
+ private final String _propName;
+
+ public PropReadingAction( String propName )
+ {
+ _propName = propName;
+ }
+
+ //
+ // This will throw an AccessControlException if we don't have
+ // privilege to read the property.
+ //
+ public Object run()
+ throws Exception
+ {
+ return System.getProperty( _propName );
+ }
+ }
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // STATE
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // CONSTRUCTORS
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ public SecurityPolicyReloadingTest
+ (
+ )
+ {
+ super( "testPolicyReloading" );
+ }
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // JUnit MACHINERY
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ public static Test suite()
+ {
+ TestSuite suite = new TestSuite("SecurityPolicyReloadingTest");
+
+ suite.addTest( decorateTest() );
+
+ return suite;
+ }
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // TEST DECORATION
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ /**
+ * Add decorators to a test run. Context is established in the reverse order
+ * that decorators are declared here. That is, decorators compose in reverse
+ * order. The order of the setup methods is:
+ *
+ * <ul>
+ * <li>Copy security policy to visible location.</li>
+ * <li>Setup authorization-enabling properties.</li>
+ * <li>Install a security manager.</li>
+ * <li>Run the tests.</li>
+ * </ul>
+ */
+ private static Test decorateTest()
+ {
+ SecurityPolicyReloadingTest undecoratedTest = new SecurityPolicyReloadingTest();
+ Test test = undecoratedTest;
+
+ //
+ // Install a security manager using the initial policy file.
+ //
+ test = new SecurityManagerSetup( test, undecoratedTest.makeServerPolicyName() );
+
+ //
+ // Set up authorization with a DBO and non-DBO user
+ //
+ test = TestConfiguration.sqlAuthorizationDecorator
+ (
+ test,
+ new String[] { NON_DBO_USER },
+ PASSWORD_TOKEN
+ );
+
+ //
+ // Copy over the initial policy file we want to use.
+ //
+ test = new SupportFilesSetup
+ (
+ test,
+ null,
+ new String[] { undecoratedTest.getSourcePolicy() },
+ null,
+ new String[] { undecoratedTest.makeTargetPolicyStub() }
+ );
+
+ return test;
+ }
+
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // JUnit TESTS
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ /**
+ * Verify that policy file reloading is allowed and forbidden as expected.
+ */
+ public void testPolicyReloading()
+ throws Exception
+ {
+ //getTestConfiguration().setVerbosity( true );
+
+ doPolicyReloadingIsGranted();
+ doPolicyReloadingIsNotGranted();
+ }
+
+ ////////////////////////////////////////////////////
+ //
+ // getPolicy() PRIVILEGE GRANTED
+ //
+ ////////////////////////////////////////////////////
+
+ /**
+ * Verify that the DBA has the power to reload the security policy file and
+ * that a non-DBA does not have this power.
+ */
+ private void doPolicyReloadingIsGranted()
+ throws Exception
+ {
+ dbaTest();
+ nonDbaTest();
+ }
+
+ /**
+ * Verify that the DBA has the power to reload the security policy file.
+ */
+ private void dbaTest()
+ throws Exception
+ {
+ Connection conn = openUserConnection( TestConfiguration.TEST_DBO );
+
+ assertTrue( "Initially, should be able to read property.", canReadProperty() );
+
+ // Now prove that the DBO can reload the policy file.
+ changePolicyFile( conn, RELOADABLE_MODIFIED_SOURCE_POLICY, true, null );
+ assertFalse( "Policy file changed. Should not be able to read the property.", canReadProperty() );
+
+ // Return to initial policy file.
+ changePolicyFile( conn, RELOADABLE_INITIAL_SOURCE_POLICY, true, null );
+ assertTrue( "Reverted to initial policy. Should be able to read the property again.", canReadProperty() );
+
+ conn.close();
+ }
+
+ /**
+ * Verify that the non-DBA does not have the power to reload the security policy file.
+ */
+ private void nonDbaTest()
+ throws Exception
+ {
+ String reservedToDBO = "2850A";
+ Connection conn = openUserConnection( NON_DBO_USER );
+
+ assertTrue( "Initially, should be able to read property.", canReadProperty() );
+
+ // Now prove that the non-DBO can't reload the policy file.
+ changePolicyFile( conn, RELOADABLE_MODIFIED_SOURCE_POLICY, false, reservedToDBO );
+ assertTrue( "Policy file not changed. Should still be able to read the property.", canReadProperty() );
+
+ // Return to initial policy file.
+ changePolicyFile( conn, RELOADABLE_INITIAL_SOURCE_POLICY, false, reservedToDBO );
+ assertTrue( "Reverted to initial policy. Should still be able to read the property again.", canReadProperty() );
+
+ conn.close();
+ }
+
+ /////////////////////////////////////////////
+ //
+ // getPolicy() IS NOT GRANTED
+ //
+ /////////////////////////////////////////////
+
+ /**
+ * Verify that even the DBA can't reload the policy file if getPolicy() has
+ * not been granted.
+ */
+ private void doPolicyReloadingIsNotGranted()
+ throws Exception
+ {
+ String insufficientPrivilege = "XK000";
+ Connection conn = openUserConnection( TestConfiguration.TEST_DBO );
+
+ // First change to a policy which does not permit policy reloading
+ changePolicyFile( conn, UNRELOADABLE_SOURCE_POLICY, true, null );
+
+ // Verify that we get an exception when we try to reload the policy file.
+ changePolicyFile( conn, RELOADABLE_INITIAL_SOURCE_POLICY, false, insufficientPrivilege );
+
+ conn.close();
+ }
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // Object OVERLOADS
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ public String toString()
+ {
+ StringBuffer buffer = new StringBuffer();
+
+ buffer.append( "SecurityPolicyReloadingTest( " );
+ buffer.append( " )" );
+
+ return buffer.toString();
+ }
+
+ ///////////////////////////////////////////////////////////////////////////////////
+ //
+ // MINIONS
+ //
+ ///////////////////////////////////////////////////////////////////////////////////
+
+ /**
+ * Return true if we have sufficient privilege to read a special property.
+ */
+ private boolean canReadProperty()
+ throws Exception
+ {
+ try {
+ String propValue = readProperty( "SecurityPolicyReloadingTest.property" );
+
+ return true;
+ }
+ catch (AccessControlException ace) { return false; }
+ }
+
+ /**
+ * Read a system property.
+ */
+ public static String readProperty( String propName )
+ throws Exception
+ {
+ PropReadingAction action = new PropReadingAction( propName );
+
+ return (String) AccessController.doPrivileged( action );
+ }
+
+ /**
+ * A handy method for debugging.
+ */
+ public static void sleep( long numberOfSeconds )
+ throws Exception
+ {
+ Thread.currentThread().sleep( numberOfSeconds * (1000L) );
+ }
+
+ /**
+ * Try to change the policy file.
+ */
+ private void changePolicyFile( Connection conn, String newPolicyFileName, boolean shouldSucceed, String expectedSQLState )
+ throws Exception
+ {
+ boolean reloaded = true;
+
+ writePolicyFile( newPolicyFileName );
+
+ CallableStatement cs = conn.prepareCall( "call SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY()" );
+
+ try {
+ cs.execute();
+ }
+ catch (SQLException se)
+ {
+ reloaded = false;
+
+ assertSQLState( expectedSQLState, se );
+ }
+
+ assertEquals( shouldSucceed, reloaded );
+ }
+
+ /**
+ * Write a new policy file.
+ */
+ private void writePolicyFile( String newPolicyFileName )
+ throws Exception
+ {
+ SupportFilesSetup.privCopyFiles
+ (
+ SupportFilesSetup.EXTINOUT,
+ new String[] { newPolicyFileName },
+ new String[] { makeTargetPolicyStub() }
+ );
+ }
+
+ /**
+ * Construct the name of the server policy file.
+ */
+ private String makeServerPolicyName()
+ {
+ return SupportFilesSetup.EXTINOUT + File.separator + makeTargetPolicyStub();
+ }
+
+ /**
+ * Get the stub name (no directory spec) for the server policy file we create.
+ */
+ private String makeTargetPolicyStub()
+ {
+ return TARGET_POLICY;
+ }
+
+ /**
+ * Get the source file which has the correct permissions.
+ */
+ private String getSourcePolicy()
+ {
+ return RELOADABLE_INITIAL_SOURCE_POLICY;
+ }
+
+}
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy?view=auto&rev=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy Mon Mar 26 06:56:07 2007
@@ -0,0 +1,51 @@
+grant codeBase "${derbyTesting.codejar}derby.jar"
+{
+//
+// These permissions are needed for everyday, embedded Derby usage.
+//
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.util.PropertyPermission "derby.*", "read";
+ permission java.io.FilePermission "${derby.system.home}","read";
+ permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+
+//
+// This permission lets a DBA reload this policy file while the server
+// is still running.
+//
+ permission java.security.SecurityPermission "getPolicy";
+
+//
+// This permission lets you backup and restore databases
+// to and from arbitrary locations in your file system.
+//
+// This permission also lets you import/export data to and from
+// arbitrary locations in your file system.
+//
+// You may want to restrict this access to specific directories.
+//
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "${derbyTesting.codejar}derbynet.jar"
+{
+//
+// This permission lets the Network Server manage connections from clients.
+//
+ permission java.net.SocketPermission "${derbyTesting.serverhost}:*", "accept, connect, resolve";
+ permission java.net.SocketPermission "localhost:*", "accept, connect, resolve";
+};
+
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar"
+{
+ // Don't allow all properties to be read
+ permission java.util.PropertyPermission "derby.*", "read,write";
+
+ // Access all files
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+
+ // When running with useprocess=false need to install and uninstall
+ // the security manager and allow setIO to change the system err and out
+ // streams. Currently the nist suite runs with useprocess=false.
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.lang.RuntimePermission "setIO";
+};
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
------------------------------------------------------------------------------
svn:eol-style = native
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy?view=auto&rev=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy Mon Mar 26 06:56:07 2007
@@ -0,0 +1,215 @@
+//
+// Policy file with minimal set of permissions to run derby's
+// functional tests.
+//
+// The test harness sets up four variables used by this policy file
+//
+// derbyTesting.codejar - URL to the jar files when they are in the classpath
+// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
+//
+// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
+// other will be set to a bogus URL like file://unused
+//
+// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
+// Only required due to a BUG (see below for more info).
+//
+// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation
+// for XML-based tests (ex. lang/XMLBindingTest.java).
+//
+// derbyTesting.serverhost - Host name or ip where network server is started
+// derbyTesting.clienthost - specifies the clients ip address/hostName.
+// when testing with networkserver on a remote host, this needs to be passed in
+// with the NetworkServerControl start command
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+ permission java.util.PropertyPermission "derby.*", "read";
+ permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+
+ // unit tests (e.g. store/T_RecoverFullLog) set this property
+ // (called from derbyTesting.jar through code in derby.jar)
+ permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";
+
+ permission java.lang.RuntimePermission "createClassLoader";
+
+ //
+ // This permission deliberately omitted.
+ //
+ // permission java.security.SecurityPermission "getPolicy";
+
+ permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+ permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+ // [DERBY-2000] The write permission was added to allow creation of the
+ // derby.system.home directory when running tests under a security manager.
+ permission java.io.FilePermission "${derby.system.home}", "read, write";
+
+ // all databases under derby.system.home
+ permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+ // Import/export and other support files from these locations in tests
+ permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+ permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete";
+ permission java.io.FilePermission "${user.dir}${/}extout${/}-", "write";
+ permission java.io.FilePermission "${user.dir}${/}extinout", "read,write";
+
+ // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+ // JDK14 has the JCE preloaded
+ permission java.security.SecurityPermission "insertProvider.SunJCE";
+ permission java.security.SecurityPermission "insertProvider.IBMJCE";
+
+};
+
+//
+// Permissions for the network server (derbynet.jar)
+//
+grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+ permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+
+ // accept is needed for the server accepting connections
+ // connect is needed for ping command (which is in the server jar)
+ permission java.net.SocketPermission "127.0.0.1", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+ permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
+};
+
+//
+// Permissions for the network client (derbyclient.jar)
+//
+grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+ permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
+ permission java.net.SocketPermission "localhost", "connect,resolve";
+ permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+ // DERBY-1883: Since some classes that are included in both derby.jar and
+ // derbyclient.jar read properties, derbyclient.jar needs permission to read
+ // derby.* properties to avoid failures when it is listed before derby.jar in
+ // the classpath.
+ permission java.util.PropertyPermission "derby.*", "read";
+
+ // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to
+ // do tracing in that directory. Also, it needs read/write permissions in user.dir in order
+ // to create the trace files in that directory.
+ permission java.util.PropertyPermission "user.dir", "read";
+ permission java.io.FilePermission "${user.dir}${/}-", "read, write";
+
+};
+
+//
+// Permissions for the tools (derbytools.jar)
+// Ideally this would be more secure, for now the
+// focus is on getting the engine & network server secure.
+//
+grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+ // Access all properties using System.getProperties
+ permission java.util.PropertyPermission "*", "read, write";
+
+ // Read all files under ${user.dir}
+ permission java.io.FilePermission "${user.dir}${/}-", "read";
+
+ // ij needs permission to read the sql files in this jar
+ permission java.io.FilePermission "${derbyTesting.testjarpath}", "read";
+
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+// We are liberal here, it's not a goal to make the test harness
+// or tests secure.
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+ // Access all properties using System.getProperties
+ permission java.util.PropertyPermission "*", "read, write";
+
+ // Access all files under ${user.dir}to write the test directory structure
+ permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
+
+ // When running with useprocess=false need to install and uninstall
+ // the security manager and allow setIO to change the system err and out
+ // streams. Currently the nist suite runs with useprocess=false.
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.lang.RuntimePermission "setIO";
+};
+
+//
+// super-set of the jar permissions for running out of the classes directory
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+ // Access all properties using System.getProperties
+ permission java.util.PropertyPermission "*", "read, write";
+
+ permission java.util.PropertyPermission "derby.*", "read";
+ permission java.lang.RuntimePermission "createClassLoader";
+ permission java.security.SecurityPermission "getPolicy";
+
+ permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+ permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+ permission java.io.FilePermission "${derby.system.home}", "read";
+ permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+ // combination of client and server side.
+ permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+ permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+ // Access all files under ${user.dir}to write the test directory structure
+ // Also covers extin, extout and extinout locations
+ permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
+
+ // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+ // JDK14 has the JCE preloaded
+ permission java.security.SecurityPermission "insertProvider.SunJCE";
+ permission java.security.SecurityPermission "insertProvider.IBMJCE";
+
+ // When running with useprocess=false need to install and uninstall
+ // the security manager and allow setIO to change the system err and out
+ // streams. Currently the nist suite runs with useprocess=false.
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.lang.RuntimePermission "setIO";
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+ permission java.util.PropertyPermission "user.home", "read";
+ permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+ permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+};
+
+// Due to a problem running tests/derbynet/CompatibilityTest in the old test
+// harness, permission to read junit.properties is granted to all. This can be
+// removed when CompatibilityTest is rewritten to conform to our current Junit
+// usage. See DERBY-2076.
+grant {
+ permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+ permission java.lang.RuntimePermission "setIO";
+};
+
+// functionTests.tests.lang.RoutineSecurityTest requires this grant
+// to check to see if permissions are granted through generated code
+// through this mechanism.
+grant {
+ permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read";
+};
+
+// When inserting XML values that use external DTD's, the JAXP parser
+// needs permission to read the DTD files. We assume that all DTD
+// files will be copied to extin/ by whichever tests need them. So
+// grant the JAXP parser permissions to read that directory.
+grant codeBase "${derbyTesting.jaxpjar}" {
+ permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+};
+
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
------------------------------------------------------------------------------
svn:eol-style = native
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java Mon Mar 26 06:56:07 2007
@@ -83,6 +83,7 @@
suite.addTest(ScrollCursors2Test.suite());
suite.addTest(NullIfTest.suite());
suite.addTest(InListMultiProbeTest.suite());
+ suite.addTest(SecurityPolicyReloadingTest.suite());
suite.addTest(CurrentOfTest.suite());
suite.addTest(UnaryArithmeticParameterTest.suite());
suite.addTest(HoldCursorTest.suite());
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Mon Mar 26 06:56:07 2007
@@ -33,6 +33,7 @@
permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";
permission java.lang.RuntimePermission "createClassLoader";
+ permission java.security.SecurityPermission "getPolicy";
permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
@@ -138,6 +139,7 @@
permission java.util.PropertyPermission "derby.*", "read";
permission java.lang.RuntimePermission "createClassLoader";
+ permission java.security.SecurityPermission "getPolicy";
permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
@@ -206,3 +208,4 @@
grant codeBase "${derbyTesting.jaxpjar}" {
permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
};
+
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestCase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestCase.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestCase.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestCase.java Mon Mar 26 06:56:07 2007
@@ -74,8 +74,16 @@
* setUp, tearDown methods and decorators.
*/
public void runBare() throws Throwable {
- if (getTestConfiguration().defaultSecurityManagerSetup())
+
+ // install a default security manager if one has not already been
+ // installed
+ if ( System.getSecurityManager() == null )
+ {
+ if (getTestConfiguration().defaultSecurityManagerSetup())
+ {
assertSecurityManager();
+ }
+ }
super.runBare();
}
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java Mon Mar 26 06:56:07 2007
@@ -59,7 +59,7 @@
}
private final String decoratorPolicyResource;
- private SecurityManagerSetup(Test test, String policyResource)
+ public SecurityManagerSetup(Test test, String policyResource)
{
super(test);
this.decoratorPolicyResource = policyResource;
@@ -117,6 +117,10 @@
{
if ("<NONE>".equals(decoratorPolicyResource))
BaseTestCase.setSystemProperty("java.security.policy", "");
+ else if ( !externalSecurityManagerInstalled )
+ {
+ uninstallSecurityManager();
+ }
}
/**
@@ -140,7 +144,7 @@
private static void installSecurityManager(String policyFile)
throws PrivilegedActionException {
-
+
if (externalSecurityManagerInstalled)
return;
@@ -156,13 +160,7 @@
return;
// Uninstall the current manager.
- AccessController.doPrivileged(new java.security.PrivilegedAction() {
-
- public Object run() {
- System.setSecurityManager(null);
- return null;
- }
- });
+ uninstallSecurityManager();
}
// Set the system properties from the desired set.
@@ -178,7 +176,8 @@
// and install
AccessController.doPrivileged(new java.security.PrivilegedAction() {
- public Object run() {
+
+ public Object run() {
System.setSecurityManager(new SecurityManager());
return null;
}
@@ -353,4 +352,24 @@
}
});
}
+
+ /**
+ * Remove the security manager.
+ */
+ private static void uninstallSecurityManager()
+ throws PrivilegedActionException {
+
+ AccessController.doPrivileged
+ (
+ new java.security.PrivilegedAction()
+ {
+ public Object run() {
+ System.setSecurityManager(null);
+ return null;
+ }
+ }
+ );
+
+ }
+
}
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java Mon Mar 26 06:56:07 2007
@@ -61,6 +61,10 @@
*
*/
public class SupportFilesSetup extends TestSetup {
+
+ public static final String EXTIN = "extin";
+ public static final String EXTINOUT = "extinout";
+ public static final String EXTOUT = "extout";
private String[] readOnly;
private String[] readWrite;
@@ -112,19 +116,19 @@
protected void setUp() throws PrivilegedActionException, IOException
{
- privCopyFiles("extin", readOnly, readOnlyTargetFileNames);
- privCopyFiles("extinout", readWrite, readWriteTargetFileNames);
- privCopyFiles("extout", (String[]) null, (String[]) null);
+ privCopyFiles(EXTIN, readOnly, readOnlyTargetFileNames);
+ privCopyFiles(EXTINOUT, readWrite, readWriteTargetFileNames);
+ privCopyFiles(EXTOUT, (String[]) null, (String[]) null);
}
protected void tearDown()
{
- DropDatabaseSetup.removeDirectory("extin");
- DropDatabaseSetup.removeDirectory("extinout");
- DropDatabaseSetup.removeDirectory("extout");
+ DropDatabaseSetup.removeDirectory(EXTIN);
+ DropDatabaseSetup.removeDirectory(EXTINOUT);
+ DropDatabaseSetup.removeDirectory(EXTOUT);
}
- private void privCopyFiles(final String dirName, final String[] resources, final String[] targetNames)
+ public static void privCopyFiles(final String dirName, final String[] resources, final String[] targetNames)
throws PrivilegedActionException
{
AccessController.doPrivileged
@@ -138,7 +142,7 @@
}
- private void copyFiles(String dirName, String[] resources, String[] targetNames)
+ private static void copyFiles(String dirName, String[] resources, String[] targetNames)
throws PrivilegedActionException, IOException
{
File dir = new File(dirName);
@@ -221,7 +225,7 @@
*/
public static File getReadOnly(String name)
{
- return getFile("extin", name);
+ return getFile(EXTIN, name);
}
/**
* Obtain a File for the local copy of a read-write resource.
@@ -229,7 +233,7 @@
*/
public static File getReadWrite(String name)
{
- return getFile("extinout", name);
+ return getFile(EXTINOUT, name);
}
/**
* Obtain a File for the local copy of a write-only resource.
@@ -237,7 +241,7 @@
*/
public static File getWriteOnly(String name)
{
- return getFile("extout", name);
+ return getFile(EXTOUT, name);
}
private static File getFile(String dirName, String name)
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java?view=diff&rev=522515&r1=522514&r2=522515
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TestConfiguration.java Mon Mar 26 06:56:07 2007
@@ -69,6 +69,8 @@
public final static int DEFAULT_PORT = 1527;
private final static String DEFAULT_FRAMEWORK = "embedded";
public final static String DEFAULT_HOSTNAME = "localhost";
+
+ public final static String TEST_DBO = "TEST_DBO";
/**
* Keys to use to look up values in properties files.
@@ -138,10 +140,17 @@
runningInDerbyHarness = assumeHarness;
if (!assumeHarness) {
- File dsh = new File("system");
+ final File dsh = new File("system");
- BaseTestCase.setSystemProperty("derby.system.home",
- dsh.getAbsolutePath());
+ AccessController.doPrivileged
+ (new java.security.PrivilegedAction(){
+ public Object run(){
+ BaseTestCase.setSystemProperty("derby.system.home",
+ dsh.getAbsolutePath());
+ return null;
+ }
+ }
+ );
}
}
@@ -419,7 +428,7 @@
* This decorator must be the outer one in this mode.
* <code>
* test = DatabasePropertyTestSetup.builtinAuthentication(test,
- new String[] {"TEST_DBO","U1","U2",},
+ new String[] {TEST_DBO,"U1","U2",},
"nh32ew");
test = TestConfiguration.sqlAuthorizationDecorator(test);
* </code>
@@ -446,7 +455,7 @@
return changeUserDecorator(
new DatabaseChangeSetup(setSQLAuthMode, DEFAULT_DBNAME_SQL, DEFAULT_DBNAME_SQL, true),
- "TEST_DBO", "dummy"); // DRDA doesn't like empty pw
+ TEST_DBO, "dummy"); // DRDA doesn't like empty pw
}
@@ -482,7 +491,7 @@
DEFAULT_DBNAME_SQL, DEFAULT_DBNAME_SQL, true);
return changeUserDecorator(setSQLAuthMode,
- "TEST_DBO",
+ TEST_DBO,
"dummy"); // DRDA doesn't like empty pw
}
@@ -507,7 +516,7 @@
String[] users, String passwordToken)
{
String[] usersWithDBO = new String[users.length + 1];
- usersWithDBO[0] = "TEST_DBO";
+ usersWithDBO[0] = TEST_DBO;
System.arraycopy(users, 0, usersWithDBO, 1, users.length);
return sqlAuthorizationDecorator(
DatabasePropertyTestSetup.builtinAuthentication(test,