You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ba...@apache.org on 2006/03/15 01:42:41 UTC
svn commit: r385941 - in /db/derby/code/trunk/java:
engine/org/apache/derby/iapi/sql/compile/
engine/org/apache/derby/iapi/sql/dictionary/
engine/org/apache/derby/impl/sql/compile/
engine/org/apache/derby/impl/sql/execute/ testing/org/apache/derbyTesti...
Author: bandaram
Date: Tue Mar 14 16:42:39 2006
New Revision: 385941
URL: http://svn.apache.org/viewcvs?rev=385941&view=rev
Log:
This patch addresses following:
1) Remove parsing of EXTERNAL SECURITY clause. According to the lates
functional specification of Grant & Revoke feature, this clause will not be
implmented. It only had partial parsing support currently.
2) Fix javadoc warnings caused by Grant & Revoke work and other javadoc
warnings too.
Submitted by Satheesh Bandaram (satheesh@sourcery.org)
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateAliasNode.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/compile/CompilerContext.java Tue Mar 14 16:42:39 2006
@@ -531,7 +531,9 @@
/**
* Add a schema privilege to the list of used privileges.
*
- * @param schemaDescriptor
+ * @param schema Schema name of the object that is being accessed
+ * @param aid Requested authorizationId for new schema
+ * @param privType Either CREATE_SCHEMA_PRIV or MODIFY_SCHEMA_PRIV
*/
public void addRequiredSchemaPriv(String schema, String aid, boolean privType);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/sql/dictionary/DataDictionary.java Tue Mar 14 16:42:39 2006
@@ -177,7 +177,7 @@
* Push a data dictionary context onto the
* current context manager.
*
- * @param nested true iff this is a nested data dictionary context.
+ * @param cm Context manager
*/
DataDictionaryContext pushDataDictionaryContext(ContextManager cm);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CompilerContextImpl.java Tue Mar 14 16:42:39 2006
@@ -755,7 +755,7 @@
/**
* Add a table or view privilege to the list of used table privileges.
*
- * @param table
+ * @see CompilerContext#addRequiredRoutinePriv
*/
public void addRequiredTablePriv( TableDescriptor table)
{
@@ -769,7 +769,7 @@
/**
* Add a routine execute privilege to the list of used routine privileges.
*
- * @param routine
+ * @see CompilerContext#addRequiredRoutinePriv
*/
public void addRequiredRoutinePriv( AliasDescriptor routine)
{
@@ -784,7 +784,7 @@
/**
* Add a required schema privilege to the list privileges.
*
- * @param SchemaDescriptor
+ * @see CompilerContext#addRequiredSchemaPriv
*/
public void addRequiredSchemaPriv(String schemaName, String aid, boolean privType)
{
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateAliasNode.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateAliasNode.java?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateAliasNode.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/CreateAliasNode.java Tue Mar 14 16:42:39 2006
@@ -119,7 +119,6 @@
// 6 - Short - SQL control
// 7 - Boolean - CALLED ON NULL INPUT (always TRUE for procedures)
// 8 - TypeDescriptor - return type (always NULL for procedures)
- // 9 - Boolean - externalSecurity (false for invoker, true for definer)
Object[] routineElements = (Object[]) aliasSpecificInfo;
Object[] parameters = (Object[]) routineElements[0];
@@ -191,9 +190,6 @@
calledOnNullInput = true;
else
calledOnNullInput = calledOnNullInputO.booleanValue();
-
- // GrantRevoke TODO: Figure out how to save external security info. Putting this in
- // RoutineAliasInfo may not be the best long term solution
aliasInfo = new RoutineAliasInfo(this.methodName, paramCount, names, types, modes, drs,
((Short) routineElements[5]).shortValue(), // parameter style
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/compile/sqlgrammar.jj Tue Mar 14 16:42:39 2006
@@ -9366,14 +9366,13 @@
6 - Short - SQL allowed.
7 - Boolean - CALLED ON NULL INPUT (always TRUE for procedures)
8 - TypeDescriptor - return type (always NULL for procedures)
- 9 - External security - invoker/definer
*/
QueryTreeNode
procedureDefinition() throws StandardException :
{
TableName procedureName;
- Object[] procedureElements = new Object[10];
+ Object[] procedureElements = new Object[9];
}
{
<PROCEDURE> procedureName = qualifiedName(Limits.MAX_IDENTIFIER_LENGTH)
@@ -9411,7 +9410,6 @@
|
<LANGUAGE> <JAVA> { clauseValue = "JAVA"; clausePosition = 3; }
|
- LOOKAHEAD({(getToken(1).kind == EXTERNAL && getToken(2).kind == NAME)})
<EXTERNAL> <NAME> clauseValue = string() { clausePosition = 4; }
|
<PARAMETER> <STYLE> clauseValue = parameterStyle() { clausePosition = 5; }
@@ -9427,9 +9425,6 @@
}
| clauseValue = calledOnNullInput(isProcedure) { clausePosition = 7; }
- |
- LOOKAHEAD({(getToken(1).kind == EXTERNAL && getToken(2).kind == SECURITY)})
- clauseValue = externalSecurity() { clausePosition = 9; }
)
{
@@ -9547,7 +9542,7 @@
functionDefinition() throws StandardException :
{
TableName functionName;
- Object[] functionElements = new Object[10];
+ Object[] functionElements = new Object[9];
}
{
<FUNCTION> functionName = qualifiedName(Limits.MAX_IDENTIFIER_LENGTH)
@@ -11836,40 +11831,6 @@
}
/*
- * <A NAME="external-security clause">externalSecurity</A>
- */
-Boolean
-externalSecurity() throws StandardException :
-{
- Boolean invocationType;
-}
-{
- <EXTERNAL> <SECURITY>
- {
- checkVersion( DataDictionary.DD_VERSION_DERBY_10_2, "EXTERNAL SECURITY");
- checkSqlStandardAccess( "EXTERNAL SECURITY");
- }
- ( invocationType = securityDefinerInvoker())
- {
- return invocationType;
- }
-}
-
-Boolean
-securityDefinerInvoker() :
-{}
-{
- <DEFINER>
- {
- return Boolean.FALSE;
- }
- | <INVOKER>
- {
- return Boolean.TRUE;
- }
-}
-
-/*
* <A NAME="grantStatement">grantStatement</A>
*/
QueryTreeNode
@@ -12534,7 +12495,6 @@
| tok = <DYNAMIC>
| tok = <DATABASE>
| tok = <DB2SQL>
- | tok = <DEFINER>
| tok = <DOCUMENT>
| tok = <EACH>
| tok = <EXCLUSIVE>
@@ -12547,7 +12507,6 @@
| tok = <INITIAL>
// SQL92 says it is reserved, but we want it to be non-reserved.
| tok = <INTERVAL>
- | tok = <INVOKER>
| tok = <JAVA>
| tok = <LANGUAGE>
| tok = <LARGE>
@@ -12606,7 +12565,6 @@
| tok = <SCALE>
| tok = <SAVEPOINT>
| tok = <SEQUENTIAL>
- | tok = <SECURITY>
| tok = <SERIALIZABLE>
| tok = <SETS>
| tok = <SHARE>
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/PrivilegeInfo.java Tue Mar 14 16:42:39 2006
@@ -51,12 +51,13 @@
/**
* Determines whether a user is the owner of an object
- * (table, function, or procedure).
+ * (table, function, or procedure). Note that DBA can access
+ * database objects without needing to be their owner
*
- * @param user
- * @param objectDescriptor
- * @param sd
- * @param DataDictionary
+ * @param user authorizationId of current user
+ * @param objectDescriptor object being checked against
+ * @param sd SchemaDescriptor
+ * @param dd DataDictionary
*
* @exception StandardException if user does not own the object
*/
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/master/grantRevokeDDL.out Tue Mar 14 16:42:39 2006
@@ -94,25 +94,10 @@
ERROR 42X05: Table 'MYSYM' does not exist.
ij(SATCONNECTION)> grant insert on mySym to foo;
ERROR 42X05: Table 'MYSYM' does not exist.
-ij(SATCONNECTION)> -- Test for external security clause
--- Expected to fail
-CREATE FUNCTION F_ABS(P1 INT)
-RETURNS INT NO SQL
-RETURNS NULL ON NULL INPUT
-EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINOR
-LANGUAGE JAVA PARAMETER STYLE JAVA;
-ERROR 42X01: Syntax error: Encountered "DEFINOR" at line 7, column 19.
-ij(SATCONNECTION)> CREATE PROCEDURE AUTH_TEST.addUserUtility(IN userName VARCHAR(50), IN permission VARCHAR(22))
-LANGUAGE JAVA PARAMETER STYLE JAVA
-EXTERNAL SECURITY INVOKER
-EXTERNAL NAME 'org.apache.derby.database.UserUtility.add';
-0 rows inserted/updated/deleted
ij(SATCONNECTION)> CREATE FUNCTION F_ABS(P1 INT)
RETURNS INT NO SQL
RETURNS NULL ON NULL INPUT
EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINER
LANGUAGE JAVA PARAMETER STYLE JAVA;
0 rows inserted/updated/deleted
ij(SATCONNECTION)> values f_abs(-5);
@@ -134,10 +119,9 @@
xxxxFILTERED-UUIDxxxx|SQLJ |SATHEESH
xxxxFILTERED-UUIDxxxx|APP |APP
xxxxFILTERED-UUIDxxxx|SATHEESH |SATHEESH
-xxxxFILTERED-UUIDxxxx|AUTH_TEST |SATHEESH
xxxxFILTERED-UUIDxxxx|MYDODO |DODO
xxxxFILTERED-UUIDxxxx|DERBY |DERBY
-7 rows selected
+6 rows selected
ij(SATCONNECTION)> -- Now connect as different user and try to do DDLs in schema owned by satheesh
connect 'grantRevokeDDL;user=Swiper' as swiperConnection;
ij(SWIPERCONNECTION)> set schema satheesh;
@@ -154,7 +138,6 @@
ij(SWIPERCONNECTION)> CREATE FUNCTION FuncNotMySchema(P1 INT)
RETURNS INT NO SQL RETURNS NULL ON NULL INPUT
EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINER
LANGUAGE JAVA PARAMETER STYLE JAVA;
ERROR 2850D: User 'SWIPER' can not perform the operation in schema 'SATHEESH'.
ij(SWIPERCONNECTION)> alter table tsat add column k int;
@@ -378,7 +361,6 @@
xxxxFILTERED-UUIDxxxx|SYSCS_UTIL |SATHEESH
xxxxFILTERED-UUIDxxxx|APP |APP
xxxxFILTERED-UUIDxxxx|SATHEESH |SATHEESH
-xxxxFILTERED-UUIDxxxx|AUTH_TEST |SATHEESH
xxxxFILTERED-UUIDxxxx|MYDODO |DODO
xxxxFILTERED-UUIDxxxx|DERBY |DERBY
xxxxFILTERED-UUIDxxxx|SWIPER |SWIPER
@@ -387,7 +369,7 @@
xxxxFILTERED-UUIDxxxx|MYFRIEND |SATHEESH
xxxxFILTERED-UUIDxxxx|MYSCHEMA |ME
xxxxFILTERED-UUIDxxxx|TESTSCHEMA |TESTSCHEMA
-21 rows selected
+20 rows selected
ij(SATCONNECTION)> -- Check if DBA can ignore all privilege checks
set connection swiperConnection;
ij(SWIPERCONNECTION)> set schema swiper;
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql?rev=385941&r1=385940&r2=385941&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/grantRevokeDDL.sql Tue Mar 14 16:42:39 2006
@@ -70,25 +70,10 @@
grant select on mySym to bar;
grant insert on mySym to foo;
--- Test for external security clause
--- Expected to fail
CREATE FUNCTION F_ABS(P1 INT)
RETURNS INT NO SQL
RETURNS NULL ON NULL INPUT
EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINOR
-LANGUAGE JAVA PARAMETER STYLE JAVA;
-
-CREATE PROCEDURE AUTH_TEST.addUserUtility(IN userName VARCHAR(50), IN permission VARCHAR(22))
-LANGUAGE JAVA PARAMETER STYLE JAVA
-EXTERNAL SECURITY INVOKER
-EXTERNAL NAME 'org.apache.derby.database.UserUtility.add';
-
-CREATE FUNCTION F_ABS(P1 INT)
-RETURNS INT NO SQL
-RETURNS NULL ON NULL INPUT
-EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINER
LANGUAGE JAVA PARAMETER STYLE JAVA;
values f_abs(-5);
@@ -120,7 +105,6 @@
CREATE FUNCTION FuncNotMySchema(P1 INT)
RETURNS INT NO SQL RETURNS NULL ON NULL INPUT
EXTERNAL NAME 'java.lang.Math.abs'
-EXTERNAL SECURITY DEFINER
LANGUAGE JAVA PARAMETER STYLE JAVA;
alter table tsat add column k int;