You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2014/10/02 00:41:23 UTC
svn commit: r1628855 - in /db/derby/code/trunk/java:
engine/org/apache/derby/impl/jdbc/ engine/org/apache/derby/jdbc/
testing/org/apache/derbyTesting/functionTests/tests/lang/
testing/org/apache/derbyTesting/junit/
Author: rhillegas
Date: Wed Oct 1 22:41:22 2014
New Revision: 1628855
URL: http://svn.apache.org/r1628855
Log:
DERBY-6751: Prevent user code from getting a LanguageConnectionContext out of an EmbedConnection; tests passed cleanly on derby-6751-01-ad-usederbyinternals.diff.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/ConnectionChild.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedPooledConnection.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedXAResource.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/ConnectionChild.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/ConnectionChild.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/ConnectionChild.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/ConnectionChild.java Wed Oct 1 22:41:22 2014
@@ -22,8 +22,11 @@
package org.apache.derby.impl.jdbc;
import org.apache.derby.jdbc.InternalDriver;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.util.InterruptStatus;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.SQLException;
/**
@@ -153,12 +156,30 @@ abstract class ConnectionChild {
boolean pushStack, EmbedConnection ec) {
if (pushStack) {
- InterruptStatus.restoreIntrFlagIfSeen(ec.getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen( getLanguageConnectionContext( ec ) );
} else {
// no lcc if connection is closed:
InterruptStatus.restoreIntrFlagIfSeen();
}
}
+
+ /**
+ * Gets the LanguageConnectionContext for this connection.
+ */
+ static LanguageConnectionContext getLanguageConnectionContext( final EmbedConnection conn )
+ {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return conn.getLanguageConnection();
+ }
+ }
+ );
+ }
+
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Wed Oct 1 22:41:22 2014
@@ -473,7 +473,7 @@ public class EmbedConnection implements
isFailoverMasterBoot) {
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
// a failure here leaves database booted, but no
// operation has taken place and the connection is
// rejected.
@@ -498,7 +498,7 @@ public class EmbedConnection implements
// restricted to the database owner if authentication
// and sqlAuthorization is on.
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
int operation;
if (isTwoPhaseCryptoBoot) {
if (isTrue(savedInfo, Attribute.DECRYPT_DATABASE)) {
@@ -590,7 +590,7 @@ public class EmbedConnection implements
// now we have the database connection, we can shut down
if (shutdown) {
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
// DERBY-2264: Only allow database owner to shut down if
// authentication and sqlAuthorization is on.
checkIsDBOwner(OP_SHUTDOWN);
@@ -601,7 +601,7 @@ public class EmbedConnection implements
// Drop the database at this point, if that is requested.
if (dropDatabase) {
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
// Only the database owner is allowed to drop the database.
// NOTE: Reusing the message for shutdown, as drop database
// includes a shutdown. May want to change this later
@@ -632,9 +632,9 @@ public class EmbedConnection implements
}
// Raise a warning in sqlAuthorization mode if authentication is not ON
- if (usingNoneAuth && getLanguageConnection().usesSqlAuthorization())
+ if (usingNoneAuth && privilegedGetLCC().usesSqlAuthorization())
addWarning(SQLWarningFactory.newSQLWarning(SQLState.SQL_AUTHORIZATION_WITH_NO_AUTHENTICATION));
- InterruptStatus.restoreIntrFlagIfSeen(getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen(privilegedGetLCC());
}
catch (OutOfMemoryError noMemory)
{
@@ -934,7 +934,7 @@ public class EmbedConnection implements
// If authorization is turned on, we need to check if this
// user is database owner.
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
checkIsDBOwner(OP_REPLICATION);
}
// TODO: If system privileges is turned on, we need to check
@@ -978,7 +978,7 @@ public class EmbedConnection implements
// If authorization is turned on, we need to check if this
// user is database owner.
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
checkIsDBOwner(OP_REPLICATION);
}
// TODO: If system privileges is turned on, we need to check
@@ -1103,7 +1103,7 @@ public class EmbedConnection implements
// If authorization is turned on, we need to check if this
// user is database owner.
if (!usingNoneAuth &&
- getLanguageConnection().usesSqlAuthorization()) {
+ privilegedGetLCC().usesSqlAuthorization()) {
checkIsDBOwner(OP_REPLICATION);
}
// TODO: If system privileges is turned on, we need to check
@@ -1420,7 +1420,7 @@ public class EmbedConnection implements
*/
private void checkIsDBOwner(int operation) throws SQLException
{
- final LanguageConnectionContext lcc = getLanguageConnection();
+ final LanguageConnectionContext lcc = privilegedGetLCC();
final String actualId = lcc.getSessionUserId();
final String dbOwnerId = lcc.getDataDictionary().
getAuthorizationDatabaseOwner();
@@ -1925,7 +1925,7 @@ public class EmbedConnection implements
{
getTR().commit();
clearLOBMapping();
- InterruptStatus.restoreIntrFlagIfSeen(getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen(privilegedGetLCC());
}
catch (Throwable t)
{
@@ -1962,7 +1962,7 @@ public class EmbedConnection implements
{
getTR().rollback();
clearLOBMapping();
- InterruptStatus.restoreIntrFlagIfSeen(getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen(privilegedGetLCC());
} catch (Throwable t) {
throw handleException(t);
}
@@ -2154,7 +2154,7 @@ public class EmbedConnection implements
{
setupContextStack();
try {
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
lcc.setReadOnly(readOnly);
InterruptStatus.restoreIntrFlagIfSeen(lcc);
} catch (StandardException e) {
@@ -2174,7 +2174,7 @@ public class EmbedConnection implements
public final boolean isReadOnly() throws SQLException
{
checkIfClosed();
- return getLanguageConnection().isReadOnly();
+ return privilegedGetLCC().isReadOnly();
}
/**
@@ -2250,7 +2250,7 @@ public class EmbedConnection implements
{
setupContextStack();
try {
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
lcc.setIsolationLevel(iLevel);
InterruptStatus.restoreIntrFlagIfSeen(lcc);
} catch (StandardException e) {
@@ -2270,7 +2270,7 @@ public class EmbedConnection implements
*/
public final int getTransactionIsolation() throws SQLException {
checkIfClosed();
- return TransactionControl.jdbcIsolationLevel( getLanguageConnection().getCurrentIsolationLevel() );
+ return TransactionControl.jdbcIsolationLevel( privilegedGetLCC().getCurrentIsolationLevel() );
}
/**
@@ -2361,10 +2361,13 @@ public class EmbedConnection implements
public final LanguageConnectionContext getLanguageConnection() {
+ // Verify that we have permission to execute this method.
+ SecurityUtil.checkDerbyInternalsPrivilege();
+
if (SanityManager.DEBUG)
SanityManager.ASSERT(!isClosed() || isAborting(), "connection is closed");
- return getTR().getLcc();
+ return privilegedGetLCC();
}
/**
@@ -2525,7 +2528,7 @@ public class EmbedConnection implements
{
getTR().commit();
clearLOBMapping();
- InterruptStatus.restoreIntrFlagIfSeen(getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen(privilegedGetLCC());
}
catch (Throwable t)
{
@@ -2558,7 +2561,7 @@ public class EmbedConnection implements
{
getTR().commit();
clearLOBMapping();
- InterruptStatus.restoreIntrFlagIfSeen(getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen(privilegedGetLCC());
}
catch (Throwable t)
{
@@ -2878,7 +2881,7 @@ public class EmbedConnection implements
// Restore here, cf. comment in
// EmbedDatabaseMetaData#getPreparedQuery:
InterruptStatus.
- restoreIntrFlagIfSeen(getLanguageConnection());
+ restoreIntrFlagIfSeen(privilegedGetLCC());
restoreContextStack();
}
return s;
@@ -2965,7 +2968,7 @@ public class EmbedConnection implements
}
public void setDrdaID(String drdaID) {
- getLanguageConnection().setDrdaID(drdaID);
+ privilegedGetLCC().setDrdaID(drdaID);
}
/** @see EngineConnection#isInGlobalTransaction() */
@@ -2986,7 +2989,7 @@ public class EmbedConnection implements
{
setupContextStack();
try {
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
lcc.resetFromPool();
InterruptStatus.restoreIntrFlagIfSeen(lcc);
} catch (StandardException t) {
@@ -3028,7 +3031,7 @@ public class EmbedConnection implements
setupContextStack();
try
{
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
XATransactionController tc =
(XATransactionController)lcc.getTransactionExecute();
@@ -3080,7 +3083,7 @@ public class EmbedConnection implements
setupContextStack();
try
{
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
lcc.xaCommit(onePhase);
InterruptStatus.restoreIntrFlagIfSeen(lcc);
} catch (StandardException t)
@@ -3106,7 +3109,7 @@ public class EmbedConnection implements
setupContextStack();
try
{
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
lcc.xaRollback();
InterruptStatus.restoreIntrFlagIfSeen(lcc);
} catch (StandardException t)
@@ -3176,7 +3179,7 @@ public class EmbedConnection implements
synchronized(getConnectionSynchronization())
{
- getLanguageConnection().setPrepareIsolationLevel(level);
+ privilegedGetLCC().setPrepareIsolationLevel(level);
}
}
@@ -3185,7 +3188,7 @@ public class EmbedConnection implements
*/
public int getPrepareIsolation()
{
- return getLanguageConnection().getPrepareIsolationLevel();
+ return privilegedGetLCC().getPrepareIsolationLevel();
}
/**
@@ -3232,7 +3235,7 @@ public class EmbedConnection implements
if ( connString == null )
{
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
connString =
this.getClass().getName() + "@" + this.hashCode() + " " +
@@ -3415,7 +3418,7 @@ public class EmbedConnection implements
/** Cancels the current running statement. */
public void cancelRunningStatement() {
- getLanguageConnection().getStatementContext().cancel();
+ privilegedGetLCC().getStatementContext().cancel();
}
/**
@@ -3426,7 +3429,7 @@ public class EmbedConnection implements
* @return the current schema name
*/
public String getCurrentSchemaName() {
- return getLanguageConnection().getCurrentSchemaName();
+ return privilegedGetLCC().getCurrentSchemaName();
}
@@ -3565,7 +3568,7 @@ public class EmbedConnection implements
// Need to cast and get the name because JDBC3 spec
// doesn't support names for unnamed savepoints but
// Derby keeps names for named & unnamed savepoints.
- getLanguageConnection().internalRollbackToSavepoint(
+ privilegedGetLCC().internalRollbackToSavepoint(
((EmbedSavepoint)savepoint).getInternalName(),
true, savepoint);
} catch (StandardException e) {
@@ -3596,7 +3599,7 @@ public class EmbedConnection implements
// Need to cast and get the name because JDBC3 spec
// doesn't support names for unnamed savepoints but
// Derby keeps name for named & unnamed savepoints.
- getLanguageConnection().releaseSavePoint(
+ privilegedGetLCC().releaseSavePoint(
((EmbedSavepoint)savepoint).getInternalName(), savepoint);
} catch (StandardException e) {
throw handleException(e);
@@ -3615,7 +3618,7 @@ public class EmbedConnection implements
//Bug 4507 - savepoint not allowed inside trigger
StatementContext stmtCtxt =
- getLanguageConnection().getStatementContext();
+ privilegedGetLCC().getStatementContext();
if (stmtCtxt!= null && stmtCtxt.inTrigger()) {
throw newSQLException(SQLState.NO_SAVEPOINT_IN_TRIGGER);
}
@@ -3656,7 +3659,7 @@ public class EmbedConnection implements
{
setupContextStack();
try {
- LanguageConnectionContext lcc = getLanguageConnection();
+ LanguageConnectionContext lcc = privilegedGetLCC();
return lcc.getCurrentSchemaName();
} finally {
restoreContextStack();
@@ -4092,4 +4095,21 @@ public class EmbedConnection implements
}
}
+ /**
+ * Private, privileged lookup of the lcc..
+ */
+ private LanguageConnectionContext privilegedGetLCC()
+ {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return getTR().getLcc();
+ }
+ }
+ );
+ }
+
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java Wed Oct 1 22:41:22 2014
@@ -29,8 +29,11 @@ import org.apache.derby.iapi.sql.conn.St
import org.apache.derby.iapi.jdbc.ConnectionContext;
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.sql.ResultSet;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.error.ExceptionSeverity;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.SQLException;
import java.util.Vector;
import java.util.Enumeration;
@@ -108,7 +111,7 @@ class EmbedConnectionContext extends Con
throw Util.noCurrentConnection();
if (!internal) {
- StatementContext sc = conn.getLanguageConnection().getStatementContext();
+ StatementContext sc = privilegedGetLCC( conn ).getStatementContext();
if ((sc == null) || (sc.getSQLAllowed() < org.apache.derby.catalog.types.RoutineAliasInfo.MODIFIES_SQL_DATA))
throw Util.noCurrentConnection();
}
@@ -154,4 +157,21 @@ class EmbedConnectionContext extends Con
// we don't have one since the dynamic result will be inaccessible.
return EmbedStatement.processDynamicResult(conn, resultSet, null) != null;
}
+
+ /**
+ * Private, privileged lookup of the lcc..
+ */
+ private LanguageConnectionContext privilegedGetLCC( final EmbedConnection conn )
+ {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return conn.getLanguageConnection();
+ }
+ }
+ );
+ }
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java Wed Oct 1 22:41:22 2014
@@ -42,6 +42,8 @@ import org.apache.derby.iapi.reference.L
import java.util.Properties;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.DatabaseMetaData;
import java.sql.Connection;
import java.sql.PreparedStatement;
@@ -3814,7 +3816,16 @@ public class EmbedDatabaseMetaData exten
*/
private LanguageConnectionContext getLanguageConnectionContext()
{
- return getEmbedConnection().getLanguageConnection();
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return getEmbedConnection().getLanguageConnection();
+ }
+ }
+ );
}
/*
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedResultSet.java Wed Oct 1 22:41:22 2014
@@ -79,6 +79,9 @@ import java.sql.Ref;
import java.sql.RowId;
import java.sql.SQLXML;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
import java.util.Arrays;
import java.util.Calendar;
import java.util.Map;
@@ -273,7 +276,7 @@ public class EmbedResultSet extends Conn
if (concurrencyOfThisResultSet == java.sql.ResultSet.CONCUR_UPDATABLE)
{
final int columnCount = resultDescription.getColumnCount();
- final ExecutionFactory factory = conn.getLanguageConnection().
+ final ExecutionFactory factory = getLanguageConnectionContext( conn ).
getLanguageConnectionFactory().getExecutionFactory();
try{
@@ -418,7 +421,7 @@ public class EmbedResultSet extends Conn
setupContextStack();
try {
- LanguageConnectionContext lcc = getEmbedConnection().getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( getEmbedConnection() );
final ExecRow newRow;
try {
@@ -588,7 +591,7 @@ public class EmbedResultSet extends Conn
try {
LanguageConnectionContext lcc =
- getEmbedConnection().getLanguageConnection();
+ getLanguageConnectionContext( getEmbedConnection() );
try {
theResults.close();
@@ -3843,7 +3846,7 @@ public class EmbedResultSet extends Conn
synchronized (getConnectionSynchronization()) {
checksBeforeInsert();
setupContextStack();
- LanguageConnectionContext lcc = getEmbedConnection().getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( getEmbedConnection() );
StatementContext statementContext = null;
try {
/*
@@ -3963,7 +3966,7 @@ public class EmbedResultSet extends Conn
checkNotOnInsertRow();
setupContextStack();
- LanguageConnectionContext lcc = getEmbedConnection().getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( getEmbedConnection() );
StatementContext statementContext = null;
try {
if (currentRowHasBeenUpdated == false) //nothing got updated on this row
@@ -4066,7 +4069,7 @@ public class EmbedResultSet extends Conn
setupContextStack();
- LanguageConnectionContext lcc = getEmbedConnection().getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( getEmbedConnection() );
StatementContext statementContext = null;
//now construct the delete where current of sql
@@ -4221,8 +4224,8 @@ public class EmbedResultSet extends Conn
updateRow.setColumn(i,
resultDescription.getColumnDescriptor(i).getType().getNull());
}
- InterruptStatus.restoreIntrFlagIfSeen(
- getEmbedConnection().getLanguageConnection());
+ InterruptStatus.restoreIntrFlagIfSeen
+ ( getLanguageConnectionContext( getEmbedConnection() ) );
} catch (Throwable ex) {
handleException(ex);
} finally {
@@ -4355,7 +4358,7 @@ public class EmbedResultSet extends Conn
try {
StringDataValue dvd = (StringDataValue)getColumn(columnIndex);
- LanguageConnectionContext lcc = ec.getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( ec );
if (wasNull = dvd.isNull()) {
InterruptStatus.restoreIntrFlagIfSeen();
@@ -4806,7 +4809,7 @@ public class EmbedResultSet extends Conn
setupContextStack();
LanguageConnectionContext lcc =
- getEmbedConnection().getLanguageConnection();
+ getLanguageConnectionContext( getEmbedConnection() );
try {
try {
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java Wed Oct 1 22:41:22 2014
@@ -21,10 +21,13 @@
package org.apache.derby.impl.jdbc;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.SQLException;
import java.sql.Savepoint;
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.reference.SQLState;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
/**
* This class implements the Savepoint interface from JDBC 3.0.
@@ -65,15 +68,15 @@ final class EmbedSavepoint extends Conne
super(conn);
if (name == null) //this is an unnamed savepoint
{
- //Generating a unique internal name for unnamed savepoints
- savepointName = "i." + conn.getLanguageConnection().getUniqueSavepointName();
- savepointID = conn.getLanguageConnection().getUniqueSavepointID();
+ //Generating a unique internal name for unnamed savepoints
+ savepointName = "i." + getLanguageConnectionContext( conn ).getUniqueSavepointName();
+ savepointID = getLanguageConnectionContext( conn ).getUniqueSavepointID();
} else
{
savepointName = "e." + name;
savepointID = -1;
}
- conn.getLanguageConnection().languageSetSavePoint(savepointName, this);
+ getLanguageConnectionContext( conn ).languageSetSavePoint(savepointName, this);
}
/**
@@ -115,7 +118,11 @@ final class EmbedSavepoint extends Conne
//bug 4468 - verify that savepoint rollback/release is for a savepoint from
//the current connection
boolean sameConnection(EmbedConnection con) {
- return (getEmbedConnection().getLanguageConnection() == con.getLanguageConnection());
+ return
+ (
+ getLanguageConnectionContext( getEmbedConnection() ) ==
+ getLanguageConnectionContext( con )
+ );
}
-}
+}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedStatement.java Wed Oct 1 22:41:22 2014
@@ -33,6 +33,8 @@ import org.apache.derby.iapi.sql.conn.La
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.jdbc.EngineStatement;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.SQLException;
import java.sql.SQLWarning;
import java.sql.Statement;
@@ -123,7 +125,7 @@ public class EmbedStatement extends Conn
this.resultSetConcurrency = resultSetConcurrency;
this.resultSetHoldability = resultSetHoldability;
- lcc = getEmbedConnection().getLanguageConnection();
+ lcc = getLanguageConnectionContext( getEmbedConnection() );
applicationConnection = getEmbedConnection().getApplicationConnection();
applicationStatement = this;
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedPooledConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedPooledConnection.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedPooledConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedPooledConnection.java Wed Oct 1 22:41:22 2014
@@ -37,6 +37,8 @@ import org.apache.derby.impl.jdbc.EmbedC
import java.sql.Connection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
@@ -402,7 +404,7 @@ class EmbedPooledConnection implements j
*/
public boolean isIsolationLevelSetUsingSQLorJDBC() throws SQLException {
if (realConnection != null)
- return realConnection.getLanguageConnection().isIsolationLevelSetUsingSQLorJDBC();
+ return getLanguageConnectionContext( realConnection ).isIsolationLevelSetUsingSQLorJDBC();
else
return false;
}
@@ -414,7 +416,7 @@ class EmbedPooledConnection implements j
and the end of a global transaction.
*/
public void resetIsolationLevelFlag() throws SQLException {
- realConnection.getLanguageConnection().resetIsolationLevelFlagUsedForSQLandJDBC();
+ getLanguageConnectionContext( realConnection ).resetIsolationLevelFlagUsedForSQLandJDBC();
}
/** @see BrokeredConnectionControl#isInGlobalTransaction() */
@@ -646,4 +648,21 @@ class EmbedPooledConnection implements j
statementEventListeners.add(listener);
}
}
+
+ /**
+ * Gets the LanguageConnectionContext for this connection.
+ */
+ private static LanguageConnectionContext getLanguageConnectionContext( final EmbedConnection conn )
+ {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return conn.getLanguageConnection();
+ }
+ }
+ );
+ }
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedXAResource.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedXAResource.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedXAResource.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/EmbedXAResource.java Wed Oct 1 22:41:22 2014
@@ -21,6 +21,8 @@
package org.apache.derby.jdbc;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
import java.security.PrivilegedAction;
import java.security.AccessController;
import java.sql.ResultSet;
@@ -46,6 +48,7 @@ import org.apache.derby.iapi.store.acces
import org.apache.derby.iapi.store.access.xa.XAXactId;
import org.apache.derby.impl.jdbc.EmbedConnection;
import org.apache.derby.impl.jdbc.TransactionResourceImpl;
+import org.apache.derby.impl.jdbc.Util;
import org.apache.derby.shared.common.sanity.SanityManager;
import org.apache.derby.iapi.services.property.PropertyUtil;
import org.apache.derby.iapi.reference.Property;
@@ -545,7 +548,7 @@ class EmbedXAResource implements XAResou
*/
private long getDefaultXATransactionTimeout() throws XAException {
try {
- LanguageConnectionContext lcc = con.getLanguageConnection();
+ LanguageConnectionContext lcc = getLanguageConnectionContext( con );
TransactionController tc = lcc.getTransactionExecute();
long timeoutMillis = 1000 * (long) PropertyUtil.getServiceInt(
@@ -658,7 +661,7 @@ class EmbedXAResource implements XAResou
con.realConnection.setHoldability(
ResultSet.CLOSE_CURSORS_AT_COMMIT);
- con.realConnection.getLanguageConnection().
+ getLanguageConnectionContext( con.realConnection ).
getTransactionExecute().
createXATransactionFromLocalTransaction(
xid_im.getFormatId(),
@@ -970,4 +973,46 @@ class EmbedXAResource implements XAResou
);
}
+ /**
+ * Gets the LanguageConnectionContext for this connection.
+ */
+ private LanguageConnectionContext getLanguageConnectionContext( final EmbedConnection conn )
+ {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return conn.getLanguageConnection();
+ }
+ }
+ );
+ }
+
+ /**
+ * Privileged LCC lookup. Must be private so that user code
+ * can't call this entry point.
+ */
+ private LanguageConnectionContext getLanguageConnectionContext( final EmbedPooledConnection conn )
+ throws SQLException
+ {
+ try {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedExceptionAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ throws SQLException
+ {
+ return conn.getLanguageConnection();
+ }
+ }
+ );
+ } catch (PrivilegedActionException pae)
+ {
+ throw Util.javaException( pae );
+ }
+ }
+
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java Wed Oct 1 22:41:22 2014
@@ -24,6 +24,8 @@ package org.apache.derby.jdbc;
import java.security.AccessController;
import java.security.AccessControlException;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.sql.CallableStatement;
@@ -645,9 +647,35 @@ public class InternalDriver implements M
Methods to be overloaded in sub-implementations such as
a tracing driver.
*/
- EmbedConnection getNewEmbedConnection(String url, Properties info)
- throws SQLException {
- return new EmbedConnection(this, url, info);
+ EmbedConnection getNewEmbedConnection( final String url, final Properties info)
+ throws SQLException
+ {
+ final InternalDriver myself = this;
+
+ try {
+ return AccessController.doPrivileged
+ (
+ new PrivilegedExceptionAction<EmbedConnection>()
+ {
+ public EmbedConnection run()
+ throws SQLException
+ {
+ return new EmbedConnection(myself, url, info);
+ }
+ }
+ );
+ } catch (PrivilegedActionException pae)
+ {
+ Throwable cause = pae.getCause();
+ if ( (cause != null) && (cause instanceof SQLException) )
+ {
+ throw (SQLException) cause;
+ }
+ else
+ {
+ throw Util.javaException( pae );
+ }
+ }
}
private ConnectionContext getConnectionContext() {
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NoDBInternalsPermissionTest.java Wed Oct 1 22:41:22 2014
@@ -166,7 +166,7 @@ public class NoDBInternalsPermissionTest
* See DERBY-6636.
* </p>
*/
- public void test_004_BasDataFileFactory()
+ public void test_004_BaseDataFileFactory()
throws Exception
{
try {
@@ -175,4 +175,21 @@ public class NoDBInternalsPermissionTest
}
catch (AccessControlException e) { println( "Caught an AccessControlException" ); }
}
+
+ /**
+ * <p>
+ * Verify that you need usederbyinternals permission to get the LCC from a Connection.
+ * See DERBY-6751.
+ * </p>
+ */
+ public void test_005_EmbedConnection_getLCC()
+ throws Exception
+ {
+ try {
+ Connection conn = getConnection();
+ ((EmbedConnection) conn).getLanguageConnection();
+ fail( "Should have raised an AccessControlException" );
+ }
+ catch (AccessControlException e) { println( "Caught an AccessControlException" ); }
+ }
}
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java?rev=1628855&r1=1628854&r2=1628855&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseJDBCTestCase.java Wed Oct 1 22:41:22 2014
@@ -29,6 +29,8 @@ import java.io.PrintStream;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.net.URL;
import java.sql.*;
@@ -39,6 +41,7 @@ import java.util.List;
import junit.framework.AssertionFailedError;
import junit.framework.Test;
+import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.sql.execute.RunTimeStatistics;
import org.apache.derby.impl.jdbc.EmbedConnection;
import org.apache.derby.tools.ij;
@@ -1564,13 +1567,14 @@ public abstract class BaseJDBCTestCase
* @throws SQLException
*/
public static void checkEstimatedRowCount(Connection conn, double expectedCount) throws SQLException {
- if (! (conn instanceof EmbedConnection))
- return;
+ if (! (conn instanceof EmbedConnection))
+ { return; }
- EmbedConnection econn = (EmbedConnection) conn;
- RunTimeStatistics rts = econn.getLanguageConnection().getRunTimeStatisticsObject();
- assertNotNull(" RuntimeStatistics is null. Did you call SYSCS_UTIL.SYSCS_SET_RUNTIMESTATISTICS(1)?",rts);
- assertEquals((long) expectedCount, (long) rts.getEstimatedRowCount());
+ EmbedConnection econn = (EmbedConnection) conn;
+ LanguageConnectionContext lcc = (LanguageConnectionContext) getLanguageConnectionContext( econn );
+ RunTimeStatistics rts = lcc.getRunTimeStatisticsObject();
+ assertNotNull(" RuntimeStatistics is null. Did you call SYSCS_UTIL.SYSCS_SET_RUNTIMESTATISTICS(1)?",rts);
+ assertEquals((long) expectedCount, (long) rts.getEstimatedRowCount());
}
/**
@@ -1831,6 +1835,29 @@ public abstract class BaseJDBCTestCase
ps.close();
}
+ /**
+ * Gets the LanguageConnectionContext for this connection. You might think that
+ * this method could take an EmbedConnection as its argument and return a
+ * LanguageConnectionContext. That, however, makes the compatibility tests blow up.
+ * With those stronger types, the test lookup machinery in junit.framework.TestSuite
+ * can't resolve the signature of this private method. That is because the engine jar is
+ * not on the client-only classpath used by the compatibility tests. Now you know.
+ */
+ private static Object getLanguageConnectionContext( Connection conn )
+ {
+ final EmbedConnection econn = (EmbedConnection) conn;
+ return AccessController.doPrivileged
+ (
+ new PrivilegedAction<LanguageConnectionContext>()
+ {
+ public LanguageConnectionContext run()
+ {
+ return econn.getLanguageConnection();
+ }
+ }
+ );
+ }
+
} // End class BaseJDBCTestCase