Posted to derby-dev@db.apache.org by "Richard N. Hillegas (Jira)" <ji...@apache.org> on 2022/05/02 22:32:00 UTC

[jira] [Commented] (DERBY-7138) Remove references to the Java Security Manager

    [ https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17530963#comment-17530963 ] 

Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------

Attaching derby-7138-13-aa-adjustUserDocumentation.diff and a corresponding tarball of generated output (derby-7138-13-aa-adjustUserDocumentation.tar). This patch removes references to the SecurityManager from the Derby user guides.

{noformat}
----------------------------------------------
ADMIN GUIDE

M       src/adminguide/cadminov825266.dita

Removed a paragraph from the "The Derby Network Server" section.
It explained that the SecurityManager is installed by default.


M       src/adminguide/cadminservlet98430.dita

Removed a clause from the "Managing the Derby Network Server remotely
by using the servlet interface" section. The clause recommended that the user
install a SecurityManager.


M       src/adminguide/radmindrdahost.dita

Removed a clause from the "derby.drda.host property" section.
The clause recommended that the user install a SecurityManager.


M       src/adminguide/radminjmxenablenoauth.dita

Removed a paragraph from the "Enabling remote JMX with no authentication or SSL" section.
The paragraph explained that the SecurityManager is installed by default.


M       src/adminguide/radminjmxenablepwdssl.dita

Removed a paragraph and example code from the "Enabling remote JMX
with password authentication and SSL" section. The paragraph and example
explained that JMX permissions need to be granted when a SecurityManager is installed.


M       src/adminguide/tadmincbdjhhfd.dita

Removed a paragraph from the "Starting the Network Server" section.
The paragraph urged the user to install a SecurityManager.


M       src/adminguide/tadminconfig813694.dita

Removed a note from the "Using the NetworkServerControl API" section.
The note urged the user to install a SecurityManager.


D       src/adminguide/cadminreplicsecurity.dita

Removed the "Replication and security" section, which explains how to run
Replication under the Java SecurityManager.


D       src/adminguide/radminjmxenablepolicy.dita

Removed the "Fine-grained authorization using a security policy" section,
which explains how to run the JMX beans under the Java SecurityManager.


M       src/adminguide/derbyadmin.ditamap

Removed deprecated sections from the table of contents.


----------------------------------------------
DEVELOPERS GUIDE

M       src/devguide/tdevdvlp20349.dita

Removed a paragraph from the "Shutting down the system" section.
The paragraph explained the need for a "deregister the JDBC driver" permission.


M       src/devguide/tdevdvlp40464.dita

Removed a paragraph from the "Shutting down Derby or an individual database" section.
The paragraph explained the need for a "deregister the JDBC driver" permission.


----------------------------------------------
GETTING STARTED GUIDE

M       src/getstart/twwdactivity2.dita
M       src/getstart/twwdactivity4.dita

Removed SecurityManager installation messages from example output
in the "Activity 2: Run SQL using the client driver"
and "Activity 4: Create and run a JDBC program using the client
driver and Network Server" sections.


----------------------------------------------
REFERENCE GUIDE

M       src/ref/rrefattribderegister.dita

Removed paragraphs from the "deregister=false attribute" section.
The paragraphs discussed the "deregister the JDBC driver" permission.


M       src/ref/refderby.ditamap
D       src/ref/rrefreloadpolicyproc.dita

Removed the section on the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY system procedure.


----------------------------------------------
SECURITY GUIDE

M       src/security/cseccsecure863446.dita

Removed a paragraph about connection permissions from the
"Setting up Derby to use your LDAP directory service" section.


M       src/security/csecputstart.dita

Removed the SecurityManager properties from the example and a clause
about the SecurityManager from the "Starting a secured Network Server" section.


M       src/security/secderby.ditamap
M       src/security/csecpref23947.dita
D       src/security/csecjavasecurity.dita
D       src/security/csecrunpolicy.dita
D       src/security/rsecbasicclient.dita
D       src/security/rsecbasicengine.dita
D       src/security/rsecbasicserver.dita
D       src/security/rsecbasictools.dita
D       src/security/rsecpolicysample.dita
D       src/security/tsecnetservopen.dita
D       src/security/tsecnetservrun.dita

Removed the "Configuring Java security" section and adjusted the table
of contents and "How this guide is organized" section accordingly.


----------------------------------------------
TOOLS GUIDE

M       src/tools/derbytools.ditamap
D       src/tools/rtoolsoptlucenesecman.dita

Removed the "Running the luceneSupport tool with a security manager" section.
{noformat}


> Remove references to the Java Security Manager
> ----------------------------------------------
>
>                 Key: DERBY-7138
>                 URL: https://issues.apache.org/jira/browse/DERBY-7138
>             Project: Derby
>          Issue Type: Task
>          Components: Build tools, Documentation
>    Affects Versions: 10.16.0.0
>            Reporter: Richard N. Hillegas
>            Assignee: Richard N. Hillegas
>            Priority: Major
>         Attachments: DerbyServerTest.java, Z.java, derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff, derby-7138-02-ab-moveMethodsToTestConfiguration.diff, derby-7138-03-aa-removePermissionsTests.diff, derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff, derby-7138-05-aa-removeSecurityManager.diff, derby-7138-06-aa-removeSecurityManagerSetup.diff, derby-7138-07-aa-removePrivilegeBlocksFromTests.diff, derby-7138-08-aa-removePolicyFiles.diff, derby-7138-09-aa-removeMostProductPrivilegeFiles.diff, derby-7138-10-aa-removeRemainingPrivilegeBlocks.diff, derby-7138-11-aa-miscCleanup.diff, derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff, derby-7138-13-aa-adjustUserDocumentation.diff, derby-7138-13-aa-adjustUserDocumentation.tar, postSecurityManager.html
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that it will be removed in a future release of Java. See https://openjdk.java.net/jeps/411. In an email thread titled "protecting security-sensitive operations on multi-tenant servers" on the security-dev@openjdk.java.net mailing list, Alan Bateman indicated that developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide. In its place, we should recommend that developers containerize their Derby applications.


