Posted to derby-commits@db.apache.org by rh...@apache.org on 2008/05/30 19:59:29 UTC
svn commit: r661797 - in /db/derby/code/trunk/java:
engine/org/apache/derby/iapi/util/ engine/org/apache/derby/impl/jdbc/
engine/org/apache/derby/jdbc/ engine/org/apache/derby/security/
testing/org/apache/derbyTesting/unitTests/junit/
Author: rhillegas
Date: Fri May 30 10:59:28 2008
New Revision: 661797
URL: http://svn.apache.org/viewvc?rev=661797&view=rev
Log:
DERBY-3531: Commit Martin's patch, which rewrites the string-splitting code to use only APIs that are present on Java ME platforms.
Added:
db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy (with props)
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java
db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/StringUtil.java Fri May 30 10:59:28 2008
@@ -20,7 +20,9 @@
*/
package org.apache.derby.iapi.util;
+
import java.util.Locale;
+import java.util.StringTokenizer;
/**
A set of public static methods for dealing with Strings
@@ -28,6 +30,39 @@
public class StringUtil
{
/**
+ * Splits a string around matches of the given delimiter character.
+ *
+ * Where applicable, this method can be used as a substitute for
+ * <code>String.split(String regex)</code>, which is not available
+ * on a JSR169/Java ME platform.
+ *
+ * @param str the string to be split
+ * @param delim the delimiter
+ * @throws NullPointerException if str is null
+ */
+ static public String[] split(String str, char delim)
+ {
+ if (str == null) {
+ throw new NullPointerException("str can't be null");
+ }
+
+ // Note the javadoc on StringTokenizer:
+ // StringTokenizer is a legacy class that is retained for
+ // compatibility reasons although its use is discouraged in
+ // new code.
+ // In other words, if StringTokenizer is ever removed from the JDK,
+ // we need to have a look at String.split() (or java.util.regex)
+ // if it is supported on a JSR169/Java ME platform by then.
+ StringTokenizer st = new StringTokenizer(str, String.valueOf(delim));
+ int n = st.countTokens();
+ String[] s = new String[n];
+ for (int i = 0; i < n; i++) {
+ s[i] = st.nextToken();
+ }
+ return s;
+ }
+
+ /**
* Used to print out a string for error messages,
* chops is off at 60 chars for historical reasons.
*/
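Review bot: The javadoc on `split` does not say that empty tokens are dropped, which is where the method differs from `String.split(String)`: `StringTokenizer` treats a run of delimiters as one separator and ignores leading and trailing ones, so `"a,,b"` yields two elements rather than three. Callers that validate list input (this commit uses the method for permission action lists) cannot detect an empty entry through it. I would add a sentence such as `* Unlike String.split, empty tokens before, between or after delimiters are not returned.` and an `@return` tag, which the comment currently lacks.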
@@ -155,9 +190,9 @@
private static char[] hex_table = {
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
- 'a', 'b', 'c', 'd', 'e', 'f'
- };
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+ 'a', 'b', 'c', 'd', 'e', 'f'
+ };
/**
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Fri May 30 10:59:28 2008
@@ -33,9 +33,11 @@
import org.apache.derby.iapi.services.memory.LowMemory;
import org.apache.derby.iapi.services.monitor.Monitor;
import org.apache.derby.iapi.services.sanity.SanityManager;
+import org.apache.derby.iapi.services.property.PropertyUtil;
import org.apache.derby.iapi.jdbc.AuthenticationService;
import org.apache.derby.iapi.jdbc.EngineConnection;
+import org.apache.derby.security.DatabasePermission;
import org.apache.derby.iapi.db.Database;
import org.apache.derby.impl.db.SlaveDatabase;
@@ -52,6 +54,13 @@
import org.apache.derby.iapi.store.replication.master.MasterFactory;
import org.apache.derby.iapi.store.replication.slave.SlaveFactory;
+import org.apache.derby.iapi.util.IdUtil;
+
+import java.io.IOException;
+
+import java.security.Permission;
+import java.security.AccessControlException;
+
/* can't import due to name overlap:
import java.sql.Connection;
import java.sql.ResultSet;
@@ -372,11 +381,6 @@
// check for user's credential and authenticate the user
// with system level authentication service.
- // FIXME: We should also check for CREATE DATABASE operation
- // authorization for the user if authorization was
- // set at the system level.
- // Right now, the authorization service does not
- // restrict/account for Create database op.
checkUserCredentials(null, info);
// Process with database creation
@@ -2412,6 +2416,11 @@
info = filterProperties(info);
+ // check for create database privileges
+ // DERBY-3495: uncomment to enable system privileges checks
+ //final String user = IdUtil.getUserNameFromURLProps(info);
+ //checkDatabaseCreatePrivileges(user, dbname);
+
try {
if (Monitor.createPersistentService(Property.DATABASE_MODULE, dbname, info) == null)
{
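Review bot: The create-database privilege check added here is commented out, so `checkDatabaseCreatePrivileges` (added further down in this file) has no caller in the visible changes and database creation is still not authorized at the system level. The earlier hunk in this file deletes the FIXME that recorded exactly that gap next to `checkUserCredentials(null, info)`, so after this commit nothing at the authentication site says the check is missing. I would keep a marker there until DERBY-3495 enables the call, e.g. `// DERBY-3495: CREATE DATABASE authorization is not yet enforced here`. The shutdown check in InternalDriver.java is left disabled in the same way. The enclosing method starts and ends outside the hunk.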
@@ -2432,6 +2441,90 @@
return (Database) Monitor.findService(Property.DATABASE_MODULE, dbname);
}
+ /**
+ * Checks that a user has the system privileges to create a database.
+ * To perform this check the following policy grants are required
+ * <ul>
+ * <li> to run the encapsulated test:
+ * permission javax.security.auth.AuthPermission "doAsPrivileged";
+ * <li> to resolve relative path names:
+ * permission java.util.PropertyPermission "user.dir", "read";
+ * <li> to canonicalize path names:
+ * permission java.io.FilePermission "...", "read";
+ * </ul>
+ * or a SQLException will be raised detailing the cause.
+ * <p>
+ * In addition, for the test to succeed
+ * <ul>
+ * <li> the given user needs to be covered by a grant:
+ * principal org.apache.derby.authentication.SystemPrincipal "..." {}
+ * <li> that lists a permission covering the database location:
+ * permission org.apache.derby.security.DatabasePermission "directory:...", "create";
+ * </ul>
+ * or it will fail with a SQLException detailing the cause.
+ *
+ * @param user The user to be checked for database create privileges
+ * @param dbname the name of the database to create
+ * @throws SQLException if the privileges check fails
+ */
+ private void checkDatabaseCreatePrivileges(String user,
+ String dbname)
+ throws SQLException {
+ // approve action if not running under a security manager
+ if (System.getSecurityManager() == null) {
+ return;
+ }
+ if (dbname == null) {
+ throw new NullPointerException("dbname can't be null");
+ }
+
+ // the check
+ try {
+ // raises IOException if dbname is non-canonicalizable
+ final String url
+ = (DatabasePermission.URL_PROTOCOL_DIRECTORY
+ + stripSubSubProtocolPrefix(dbname));
+ final Permission dp
+ = new DatabasePermission(url, DatabasePermission.CREATE);
+
+ factory.checkSystemPrivileges(user, dp);
+ } catch (AccessControlException ace) {
+ throw Util.generateCsSQLException(
+ SQLState.AUTH_DATABASE_CREATE_MISSING_PERMISSION,
+ user, dbname, ace);
+ } catch (IOException ioe) {
+ throw Util.generateCsSQLException(
+ SQLState.AUTH_DATABASE_CREATE_EXCEPTION,
+ dbname, (Object)ioe); // overloaded method
+ } catch (Exception e) {
+ throw Util.generateCsSQLException(
+ SQLState.AUTH_DATABASE_CREATE_EXCEPTION,
+ dbname, (Object)e); // overloaded method
+ }
+ }
+
+ /**
+ * Strips any sub-sub-protocol prefix from a database name.
+ *
+ * @param dbname a database name
+ * @return the database name without any sub-sub-protocol prefixes
+ * @throws NullPointerException if dbname is null
+ */
+ static public String stripSubSubProtocolPrefix(String dbname) {
+ // check if database name starts with a sub-sub-protocol tag
+ final int i = dbname.indexOf(':');
+ if (i > 0) {
+ // construct the sub-sub-protocol's system property name
+ final String prop
+ = Property.SUB_SUB_PROTOCOL_PREFIX + dbname.substring(0, i);
+
+ // test for existence of a system property (JVM + derby.properties)
+ if (PropertyUtil.getSystemProperty(prop, null) != null) {
+ return dbname.substring(i + 1); // the stripped database name
+ }
+ }
+ return dbname; // the unmodified database name
+ }
/**
* Boot database.
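Review bot: `stripSubSubProtocolPrefix` removes the text before the first `:` only when a matching `Property.SUB_SUB_PROTOCOL_PREFIX` system property exists, and `checkDatabaseCreatePrivileges` then always prepends `DatabasePermission.URL_PROTOCOL_DIRECTORY`. A name whose prefix is not registered through that property keeps the prefix inside the path that is canonicalized, and a name whose prefix is stripped is checked as a directory path even if that storage type is not directory-based; in both cases the permission may be evaluated against a location other than the one where the database is created (how built-in prefixes are registered is not visible here). I would record this before the check is enabled, e.g. `// NOTE: a prefix is stripped only if registered via a system property; all other names are checked verbatim as directory paths`. Separately, the `IOException` and `Exception` handlers are identical, so the first is redundant, and the comment `// raises IOException if dbname is non-canonicalizable` sits above the string concatenation rather than the `DatabasePermission` constructor it seems to describe.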
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver169.java Fri May 30 10:59:28 2008
@@ -140,7 +140,7 @@
* @throws AccessControlException if permissions are missing
* @throws Exception if the privileges check fails for some other reason
*/
- void checkSystemPrivileges(String user,
+ public void checkSystemPrivileges(String user,
Permission perm)
throws Exception {
// no checks -- some of the javax security classes not available
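Review bot: This override performs no check at all (`// no checks -- some of the javax security classes not available`), yet the javadoc above it still promises `@throws AccessControlException if permissions are missing`. The method is now public and EmbedConnection calls `factory.checkSystemPrivileges(user, dp)`, so, assuming `factory` can be this driver, every privilege check will pass on this platform once DERBY-3495 enables the callers. I would state that in the javadoc, e.g. `* This implementation is a no-op: system privileges are not enforced by this driver.` The method body continues outside the hunk.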
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/Driver20.java Fri May 30 10:59:28 2008
@@ -216,7 +216,7 @@
* @throws AccessControlException if permissions are missing
* @throws Exception if the privileges check fails for some other reason
*/
- void checkSystemPrivileges(String user,
+ public void checkSystemPrivileges(String user,
Permission perm)
throws Exception {
SecurityUtil.checkUserHasPermission(user, perm);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/jdbc/InternalDriver.java Fri May 30 10:59:28 2008
@@ -224,9 +224,9 @@
}
// check for shutdown privileges
- // Disabled until more of the patch can be applied.
+ // DERBY-3495: uncomment to enable system privileges checks
//final String user = IdUtil.getUserNameFromURLProps(finfo);
- //checkShutdownPrivileges(user);
+ //checkShutdownPrivileges(user);
Monitor.getMonitor().shutdown();
@@ -268,7 +268,7 @@
* @throws AccessControlException if permissions are missing
* @throws Exception if the privileges check fails for some other reason
*/
- abstract void checkSystemPrivileges(String user,
+ abstract public void checkSystemPrivileges(String user,
Permission perm)
throws Exception;
Modified: db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/security/DatabasePermission.java Fri May 30 10:59:28 2008
@@ -26,9 +26,11 @@
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.security.AccessController;
+import org.apache.derby.iapi.util.StringUtil;
import java.util.Set;
import java.util.HashSet;
+import java.util.Locale;
import java.io.File;
import java.io.IOException;
@@ -119,7 +121,7 @@
*/
static protected final Set LEGAL_ACTIONS = new HashSet();
static {
- // when adding new actions, check method: implies(Permission)
+ // when adding new actions, check: implies(Permission), getActions()
LEGAL_ACTIONS.add(CREATE);
};
@@ -231,18 +233,14 @@
throw new IllegalArgumentException("actions can't be empty");
}
- // splitting the comma-separated list into the individual actions
- // may throw a java.util.regex.PatternSyntaxException, which is a
- // java.lang.IllegalArgumentException, hence directly applicable
- final String[] s = actions.split(",");
-
// check for any illegal actions
+ actions = actions.toLowerCase(Locale.ENGLISH);
+ final String[] s = StringUtil.split(actions, ',');
for (int i = 0; i < s.length; i++) {
final String action = s[i].trim();
if (!LEGAL_ACTIONS.contains(action)) {
// report illegal action
final String msg = "Illegal action '" + action + "'";
- //System.out.println("DatabasePermission: " + msg);
throw new IllegalArgumentException(msg);
}
}
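Review bot: An `actions` string made up only of commas yields zero tokens from `StringUtil.split`, so the loop body never runs and the constructor accepts a permission without any legal action, unless the emptiness check above the hunk already rejects it (its condition is not visible). Empty entries such as `"create,,create"` or a leading comma are likewise skipped silently, because the tokenizer never returns an empty token. A guard after the split closes the first case: `if (s.length == 0) throw new IllegalArgumentException("actions can't be empty");`. The lower-casing also reassigns the `actions` parameter; whether the stored value and `getActions()` are meant to be the lower-cased form is worth a comment. The method starts and ends outside the hunk.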
@@ -270,7 +268,6 @@
// check URL's protocol scheme and initialize path
if (!url.startsWith(URL_PROTOCOL_DIRECTORY)) {
final String msg = "Unsupported protocol in URL '" + url + "'";
- //System.out.println("DatabasePermission: " + msg);
throw new IllegalArgumentException(msg);
}
String p = url.substring(URL_PROTOCOL_DIRECTORY.length());
@@ -376,9 +373,6 @@
* @see Permission#implies(Permission)
*/
public boolean implies(Permission p) {
- //System.out.println("this = " + this);
- //System.out.println("that = " + p);
-
// can only imply other DatabasePermissions
if (!(p instanceof DatabasePermission)) {
return false;
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.java Fri May 30 10:59:28 2008
@@ -40,7 +40,7 @@
import org.apache.derby.authentication.SystemPrincipal;
import org.apache.derby.security.SystemPermission;
-//import org.apache.derby.security.DatabasePermission;
+import org.apache.derby.security.DatabasePermission;
import org.apache.derby.iapi.util.IdUtil;
import org.apache.derby.iapi.error.StandardException;
@@ -51,12 +51,18 @@
public class SystemPrivilegesPermissionTest extends BaseTestCase {
/**
- * This test's policy file.
+ * The policy file name for the subject authorization tests.
*/
static private String POLICY_FILE_NAME
= "org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy";
/**
+ * The policy file name for the DatabasePermission API test.
+ */
+ static private String POLICY_FILE_NAME1
+ = "org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy";
+
+ /**
* Some directory paths for testing DatabasePermissions.
*/
static private final String[] dirPaths = {
@@ -151,19 +157,38 @@
* @throws Exception
*/
public static Test suite() {
- TestSuite suite = new TestSuite(
- SystemPrivilegesPermissionTest.class,
- "SystemPrivilegesPermissionTest");
-
- if (SecurityManagerSetup.JVM_HAS_SUBJECT_AUTHORIZATION)
- {
+ // this suite cannot be constructed with automatic test extraction
+ // (by passing a class argument); instead, the tests need to be added
+ // manually since some of them require their own policy file
+ TestSuite suite = new TestSuite("SystemPrivilegesPermissionTest");
+
+ // add API tests for the basic security framework classes
+ suite.addTest(
+ new SystemPrivilegesPermissionTest("testSystemPrincipal"));
+ suite.addTest(
+ new SystemPrivilegesPermissionTest("testSystemPermission"));
+ // the DatabasePermission test attempts to canonicalize various
+ // directory path names and requires an all-files-read-permission,
+ // which is not granted by default derby_tests.policy
+ suite.addTest(new SecurityManagerSetup(
+ new SystemPrivilegesPermissionTest("testDatabasePermission"),
+ POLICY_FILE_NAME1));
+
+ // add authorization tests for security permissions; requires
+ // class javax.security.auth.Subject, which is not available
+ // on all JVM platforms
+ if (SecurityManagerSetup.JVM_HAS_SUBJECT_AUTHORIZATION) {
+ suite.addTest(new SecurityManagerSetup(
+ new SystemPrivilegesPermissionTest("policyTestSystemPermissionGrants"),
+ POLICY_FILE_NAME));
suite.addTest(new SecurityManagerSetup(
- new SystemPrivilegesPermissionTest("policyTestSystemGrants"),
- POLICY_FILE_NAME));
+ new SystemPrivilegesPermissionTest("policyTestDatabasePermissionGrants"),
+ POLICY_FILE_NAME));
}
+
return suite;
}
-
+
/**
* Tests SystemPrincipal.
*/
@@ -304,19 +329,21 @@
}
}
- public void policyTestSystemGrants() {
-
- // test SystemPermission for authorized user against policy file
-
- Permission shutdown = new SystemPermission(
+ /**
+ * Tests SystemPermissions against the Policy.
+ */
+ public void policyTestSystemPermissionGrants() {
+ final Permission shutdown
+ = new SystemPermission(
SystemPermission.SERVER,
SystemPermission.SHUTDOWN);
+ // test SystemPermission for authorized user
final SystemPrincipal authorizedUser
= new SystemPrincipal("authorizedSystemUser");
execute(authorizedUser, new ShutdownAction(shutdown), true);
- // test SystemPermission for unauthorized user against policy file
+ // test SystemPermission for unauthorized user
final SystemPrincipal unAuthorizedUser
= new SystemPrincipal("unAuthorizedSystemUser");
execute(unAuthorizedUser, new ShutdownAction(shutdown), false);
@@ -324,10 +351,8 @@
/**
* Tests DatabasePermission.
- */
-
- public void XXtestDatabasePermission() throws IOException {
- /*********************************************
+ */
+ public void testDatabasePermission() throws IOException {
// test DatabasePermission with null url
try {
new DatabasePermission(null, DatabasePermission.CREATE);
@@ -351,7 +376,6 @@
} catch (IllegalArgumentException ex) {
// expected exception
}
-***********************************************/
// this test's commented out because it's platform-dependent
// (no reliable way to make it pass on Unix)
@@ -365,7 +389,7 @@
//} catch (IOException ex) {
// // expected exception
//}
-/**********************************************
+
// test DatabasePermission with null actions
try {
new DatabasePermission("directory:dir", null);
@@ -484,9 +508,22 @@
checkImplies(absDirPathPerms, inclPerms, allFalse);
checkImplies(inclPerms, absDirPathAliasPerms, allTrue);
checkImplies(absDirPathAliasPerms, inclPerms, allFalse);
+ }
+
+ /**
+ * Tests DatabasePermissions against the Policy.
+ */
+ public void policyTestDatabasePermissionGrants() throws IOException {
+ final DatabasePermission[] relDirPathPerms
+ = new DatabasePermission[relDirPaths.length];
+ for (int i = 0; i < relDirPaths.length; i++) {
+ relDirPathPerms[i]
+ = new DatabasePermission(relDirPaths[i],
+ DatabasePermission.CREATE);
+ }
// test DatabasePermission for unauthorized, authorized, and
- // all-authorized users against policy file
+ // all-authorized users
final int[] singleLocPaths = { 2, 3, 6, 7 };
final SystemPrincipal authorizedUser
= new SystemPrincipal("authorizedSystemUser");
@@ -504,7 +541,7 @@
new CreateDatabaseAction(relDirPathPerms[j]), true);
}
- // test DatabasePermission for any user against policy file
+ // test DatabasePermission for any user
final SystemPrincipal anyUser
= new SystemPrincipal("anyUser");
final DatabasePermission dbPerm
@@ -512,7 +549,6 @@
DatabasePermission.CREATE);
execute(anyUser,
new CreateDatabaseAction(dbPerm), true);
-***********************************************/
}
/**
@@ -544,7 +580,6 @@
/**
* Tests DatabasePermission.getName() and .getActions().
*/
-/************88
private void checkNameAndActions(DatabasePermission[] dbperm,
String[] dbpath)
throws IOException {
@@ -557,7 +592,6 @@
DatabasePermission.CREATE, dbp.getActions());
}
}
-***************/
/**
* Tests DatabasePermission.hashCode() and .equals().
@@ -705,7 +739,7 @@
return IdUtil.getUserAuthorizationId(name);
} catch (StandardException se) {
throw new IllegalArgumentException(se.getMessage());
- }
+ }
}
/**
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy?rev=661797&r1=661796&r2=661797&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy Fri May 30 10:59:28 2008
@@ -20,29 +20,11 @@
// when testing with networkserver on a remote host, this needs to be passed in
// with the NetworkServerControl start command
-
-// Permissions required by System Privileges
-// We are liberal here and grant these permissions to all codebases
-// (it's not a goal to make the test harness or tests secure).
-// If that is of a concern, however, copy these permissions into sections
-// ${derbyTesting.codejar}
-// ${derbyTesting.codeclasses}
-grant {
- // System Privileges need to run "doAsPrivileged".
- permission javax.security.auth.AuthPermission "doAsPrivileged";
-
- // System Privileges need to be allowed to resolve relative directory names,
- // which requires a property-read permission.
- permission java.util.PropertyPermission "user.dir", "read";
-
- // System Privileges need to be allowed to canonicalize directory names,
- // which requires file-read permission.
- // Because this unit test involves some relative and absolute sample paths,
- // we liberally grant read access to all files.
- //permission java.io.FilePermission "${user.dir}${/}-", "read";
- //permission java.io.FilePermission "${/}-", "read";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
+// PLEASE NOTE WHEN EDITING: This policy file is almost identical to
+// SystemPrivilegesPermissionTest1.policy
+// except for the SystemPrincipal authorization grants. The duplicity of
+// information cannot be avoided unless there's an automated generation of
+// policy files as proposed by DERBY-3547 (or a policy include mechanism).
// Specific test authorizations for System Privileges
grant principal org.apache.derby.authentication.SystemPrincipal "AUTHORIZEDSYSTEMUSER" {
@@ -65,7 +47,7 @@
};
//
-// Permissions for running the test on the jars files
+// Permissions for the tests (derbyTesting.jar)
//
grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
// Allow tests to install and uninstall the security manager and
@@ -75,10 +57,31 @@
permission java.security.SecurityPermission "getPolicy";
// Allow setIO to change the system err and out streams
- permission java.lang.RuntimePermission "setIO";
+ //permission java.lang.RuntimePermission "setIO";
- // derbyTesting.junit.TestConfiguration... calls System.getProperties()
+ // derbyTesting.junit.TestConfiguration... modifies System properties
permission java.util.PropertyPermission "*", "read,write";
+
+ // System Privileges test needs to run "doAsPrivileged"
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+};
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+ // System Privileges framework needs to run "doAsPrivileged"
+ //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to resolve relative directory names,
+ // which requires a property-read permission
+ permission java.util.PropertyPermission "user.dir", "read";
+
+ // System Privileges framework needs to canonicalize directory names,
+ // which requires file-read permission
+ // Because this unit test involves some relative and absolute sample paths,
+ // we liberally grant read access to all files.
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
};
//
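Review bot: Two comments in this hunk now describe permissions that are commented out: `// Allow setIO to change the system err and out streams` above the disabled `setIO` line, and `// System Privileges framework needs to run "doAsPrivileged"` above the disabled `AuthPermission` line in the derby.jar grant. The second contradicts itself as written, since it says the framework needs a permission that the grant withholds. A policy file is read as the statement of what each codebase may do, so I would either delete the disabled lines or say why they are off, e.g. `// not granted to derby.jar: doAsPrivileged is only needed by the test code (see grant above)`, if that is indeed the reason. The same pattern recurs in the codeclasses grant in the next hunk and in SystemPrivilegesPermissionTest1.policy.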
@@ -92,10 +95,26 @@
permission java.security.SecurityPermission "getPolicy";
// Allow setIO to change the system err and out streams
- permission java.lang.RuntimePermission "setIO";
+ //permission java.lang.RuntimePermission "setIO";
- // derbyTesting.junit.TestConfiguration... calls System.getProperties()
+ // derbyTesting.junit.TestConfiguration... modifies System properties
permission java.util.PropertyPermission "*", "read,write";
+
+ // System Privileges test needs to run "doAsPrivileged"
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to run "doAsPrivileged"
+ //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to resolve relative directory names,
+ // which requires a property-read permission
+ permission java.util.PropertyPermission "user.dir", "read";
+
+ // System Privileges framework needs to canonicalize directory names,
+ // which requires file-read permission
+ // Because this unit test involves some relative and absolute sample paths,
+ // we liberally grant read access to all files.
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
};
// JUnit jar file tries to read junit.properties in the user's
@@ -111,14 +130,6 @@
permission java.io.FilePermission "${user.dir}${/}*", "write";
};
-// Due to a problem running tests/derbynet/CompatibilityTest in the old test
-// harness, permission to read junit.properties is granted to all. This can be
-// removed when CompatibilityTest is rewritten to conform to our current Junit
-// usage. See DERBY-2076.
-grant {
- permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
-};
-
// Ant's junit runner requires setOut to redirect the System output streams
// to the forked JVM used when running junit tests inside Ant. Ant requires
// forking the JVM if you want to run tests in a different directory than the
Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy?rev=661797&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy (added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy Fri May 30 10:59:28 2008
@@ -0,0 +1,122 @@
+// Policy file with minimal set of permissions to run unit test for
+// Derby System Privileges (DERBY-2109).
+//
+// The test harness sets up four variables used by this policy file
+//
+// derbyTesting.codejar - URL to the jar files when they are in the classpath
+// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
+//
+// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
+// other will be set to a bogus URL like file://unused
+//
+// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
+// Only required due to a BUG (see below for more info).
+//
+// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation
+// for XML-based tests (ex. lang/XMLBindingTest.java).
+//
+// derbyTesting.serverhost - Host name or ip where network server is started
+// derbyTesting.clienthost - specifies the clients ip address/hostName.
+// when testing with networkserver on a remote host, this needs to be passed in
+// with the NetworkServerControl start command
+
+// PLEASE NOTE WHEN EDITING: This policy file is almost identical to
+// SystemPrivilegesPermissionTest.policy
+// except for the SystemPrincipal authorization grants. The duplicity of
+// information cannot be avoided unless there's an automated generation of
+// policy files as proposed by DERBY-3547 (or a policy include mechanism).
+
+//
+// Permissions for the tests (derbyTesting.jar)
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+ // Allow tests to install and uninstall the security manager and
+ // to refresh the policy
+ permission java.util.PropertyPermission "java.security.policy", "read,write";
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "getPolicy";
+
+ // Allow setIO to change the system err and out streams
+ //permission java.lang.RuntimePermission "setIO";
+
+ // derbyTesting.junit.TestConfiguration... modifies System properties
+ permission java.util.PropertyPermission "*", "read,write";
+
+ // System Privileges test needs to run "doAsPrivileged"
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+};
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+ // System Privileges framework needs to run "doAsPrivileged"
+ //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to resolve relative directory names,
+ // which requires a property-read permission
+ permission java.util.PropertyPermission "user.dir", "read";
+
+ // System Privileges framework needs to canonicalize directory names,
+ // which requires file-read permission
+ // Because this unit test involves some relative and absolute sample paths,
+ // we liberally grant read access to all files.
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+//
+// Permissions for running the test on the class files
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+ // Allow tests to install and uninstall the security manager and
+ // to refresh the policy
+ permission java.util.PropertyPermission "java.security.policy", "read,write";
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "getPolicy";
+
+ // Allow setIO to change the system err and out streams
+ //permission java.lang.RuntimePermission "setIO";
+
+ // derbyTesting.junit.TestConfiguration... modifies System properties
+ permission java.util.PropertyPermission "*", "read,write";
+
+ // System Privileges test needs to run "doAsPrivileged"
+ permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to run "doAsPrivileged"
+ //permission javax.security.auth.AuthPermission "doAsPrivileged";
+
+ // System Privileges framework needs to resolve relative directory names,
+ // which requires a property-read permission
+ permission java.util.PropertyPermission "user.dir", "read";
+
+ // System Privileges framework needs to canonicalize directory names,
+ // which requires file-read permission
+ // Because this unit test involves some relative and absolute sample paths,
+ // we liberally grant read access to all files.
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+ permission java.util.PropertyPermission "user.home", "read";
+ permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+ permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+
+ // This permission is needed when running the tests using ant 1.7
+ permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+ permission java.lang.RuntimePermission "setIO";
+
+ // This permission is needed when running the tests using ant 1.7
+ permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
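Review bot: The header of this new file does not match its contents. It announces "four variables" but describes six, it does not mention `derbyTesting.testjar`, `derbyTesting.junit` or `derbyTesting.antjunit`, which the grants below use, and it refers to a BUG "see below" that is not explained anywhere in the file. It also calls the file a "minimal set of permissions" while granting `PropertyPermission "*", "read,write"` and `FilePermission "<<ALL FILES>>", "read"`. I would trim the header to the variables actually used and change the first line to something like `// Policy file for the DatabasePermission API unit test; grants read access to all files (test use only).`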
Propchange: db/derby/code/trunk/java/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy
------------------------------------------------------------------------------
svn:eol-style = native