You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Rick Hillegas (JIRA)" <ji...@apache.org> on 2007/05/15 23:15:17 UTC
[jira] Updated: (DERBY-1540) JDBC 4 EoD with default
QueryObjectGenerator fails with SecurityManager
[ https://issues.apache.org/jira/browse/DERBY-1540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Hillegas updated DERBY-1540:
---------------------------------
Fix Version/s: 10.2.2.1
> JDBC 4 EoD with default QueryObjectGenerator fails with SecurityManager
> ------------------------------------------------------------------------
>
> Key: DERBY-1540
> URL: https://issues.apache.org/jira/browse/DERBY-1540
> Project: Derby
> Issue Type: Bug
> Components: JDBC
> Affects Versions: 10.2.1.6
> Reporter: Daniel John Debrunner
> Assigned To: Rick Hillegas
> Fix For: 10.2.2.1
>
> Attachments: derby-1540_v01.diff
>
>
> The test jdbc4/TestQueryObject runs without the security manager because the default QueryObjectGenerator uses reflection.
> See trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/TestQueryObject_app.properties
> Seems like a bug, but not sure of its cause or solution: Could be one (or none) of:
> - Make changes in Derby code, e.g. add privilege blocks but don't see how this will solve anything as it's not Derby code that's calling the reflection and I don't see any javadoc comments in JDBC 4.0 about methods throwing SecurityExceptions.
> - document the privileges required to use the EoD features, though not sure how we would document the ability to grant a privilege to system (JDK) code. Are these privileges documented in the JDBC spec?
> - a bug in the Mustang beta, default query object not being treated as system code, no priv blocks in it?
> - a limitation of the default QueryObjectGenerator , cannot use with a security manager?
> - a Derby test problem?
> This is more of a tracking issue, with a dump of my thoughts.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.