You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/11/12 00:11:56 UTC
svn commit: r473828 - in /db/derby/code/trunk/java/engine/org/apache/derby:
iapi/services/io/FileUtil.java impl/sql/execute/JarUtil.java
Author: djd
Date: Sat Nov 11 15:11:56 2006
New Revision: 473828
URL: http://svn.apache.org/viewvc?view=rev&rev=473828
Log:
DERBY-537 (partial) Fix the reading of the jar file (through a URL or file name) for sqlj.install_jar
and replace_jar to be under a privileged block. Switched the order of lookup from the jar path to
be URL and then as a file name. Otherwise a security exception is thrown trying to open the URL
path as a file name.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java?view=diff&rev=473828&r1=473827&r2=473828
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java Sat Nov 11 15:11:56 2006
@@ -26,7 +26,6 @@
import org.apache.derby.io.StorageFile;
import java.io.*;
-import java.net.*;
/**
A set of public static methods for dealing with File objects.
@@ -554,40 +553,5 @@
return new File(name);
else
return new File(parent, name);
- }
-
- /**
- * Open an input stream to read a file or a URL
- * @param fileOrURL The file or URL to open.
- * @param bufferSize 0 => no buffering.
- * @return an InputStream
- * @exception StandardException Thrown on failure
- */
- public static InputStream getInputStream(String fileOrURL,int bufferSize)
- throws IOException
- {
- InputStream is;
- try {
- is = new FileInputStream( fileOrURL );
- }
-
- catch (FileNotFoundException fnfe){
- try {
- is = new URL( fileOrURL ).openStream();
- } catch (MalformedURLException mfurle) {
-
- // if it looks like an url throw this exception
- // otherwise throw the file not found exception
- // If there is no : or an early colon then it's
- // probably a file (e.g. /foo/myjar.jar or a:/foo/myjar.jar)
- if (fileOrURL.indexOf(':') > 2)
- throw mfurle;
- throw fnfe;
- }
- }
- if (bufferSize > 0)
- is = new BufferedInputStream(is,bufferSize);
-
- return is;
}
}
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java?view=diff&rev=473828&r1=473827&r2=473828
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java Sat Nov 11 15:11:56 2006
@@ -40,13 +40,15 @@
import org.apache.derby.iapi.store.access.FileResource;
import org.apache.derby.catalog.UUID;
import org.apache.derby.iapi.services.io.FileUtil;
-import org.apache.derby.io.StorageFile;
+import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.sql.CallableStatement;
-import java.sql.Connection;
-import java.sql.SQLException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+
class JarUtil
{
@@ -97,7 +99,7 @@
InputStream is = null;
try {
- is = FileUtil.getInputStream(externalPath, 0);
+ is = openJarURL(externalPath);
return jutil.add(is);
} catch (java.io.IOException fnfe) {
throw StandardException.newException(SQLState.SQLJ_INVALID_JAR, fnfe, externalPath);
@@ -255,7 +257,7 @@
try {
- is = FileUtil.getInputStream(externalPath, 0);
+ is = openJarURL(externalPath);
return jutil.replace(is,purgeOnCommit);
} catch (java.io.IOException fnfe) {
@@ -343,4 +345,38 @@
ClassFactory cf = lcc.getLanguageConnectionFactory().getClassFactory();
cf.notifyModifyJar(reload);
}
+
+ /**
+ * Open an input stream to read a URL or a file.
+ * URL is attempted first, if the string does not conform
+ * to a URL then an attempt to open it as a regular file
+ * is tried.
+ * <BR>
+ * Attempting the file first can throw a security execption
+ * when a valid URL is passed in.
+ * The security exception is due to not have the correct permissions
+ * to access the bogus file path. To avoid this the order was reversed
+ * to attempt the URL first and only attempt a file open if creating
+ * the URL throws a MalformedURLException.
+ */
+ private static InputStream openJarURL(final String externalPath)
+ throws IOException
+ {
+ try {
+ return (InputStream) AccessController.doPrivileged
+ (new java.security.PrivilegedExceptionAction(){
+
+ public Object run() throws IOException {
+ try {
+ return new URL(externalPath).openStream();
+ } catch (MalformedURLException mfurle)
+ {
+ return new FileInputStream(externalPath);
+ }
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException) e.getException();
+ }
+ }
}