You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/11/12 00:11:56 UTC

svn commit: r473828 - in /db/derby/code/trunk/java/engine/org/apache/derby: iapi/services/io/FileUtil.java impl/sql/execute/JarUtil.java

Author: djd
Date: Sat Nov 11 15:11:56 2006
New Revision: 473828

URL: http://svn.apache.org/viewvc?view=rev&rev=473828
Log:
DERBY-537 (partial) Fix the reading of the jar file (through a URL or file name) for sqlj.install_jar
and replace_jar to be under a privileged block. Switched the order of lookup from the jar path to
be URL and then as a file name. Otherwise a security exception is thrown trying to open the URL
path as a file name.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java?view=diff&rev=473828&r1=473827&r2=473828
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/io/FileUtil.java Sat Nov 11 15:11:56 2006
@@ -26,7 +26,6 @@
 import org.apache.derby.io.StorageFile;
 
 import java.io.*;
-import java.net.*;
 
 /**
 	A set of public static methods for dealing with File objects.
@@ -554,40 +553,5 @@
 			return new File(name);
 		else
 			return new File(parent, name);
-	}
-
-	/**
-	 * Open an input stream to read a file or a URL
-	 * @param fileOrURL	The file or URL to open.
-	 * @param bufferSize 0 => no buffering.
-	 * @return	an InputStream
-	 * @exception StandardException	Thrown on failure
-	 */
-	public static InputStream getInputStream(String fileOrURL,int bufferSize)
-		 throws IOException
-	{
-		InputStream is;
-		try {
-			is = new FileInputStream( fileOrURL );
-		}
-
-		catch (FileNotFoundException fnfe){
-			try {
-				is = new URL( fileOrURL ).openStream();
-			} catch (MalformedURLException mfurle) {
-
-				// if it looks like an url throw this exception
-				// otherwise throw the file not found exception
-				// If there is no : or an early colon then it's
-				// probably a file (e.g. /foo/myjar.jar or a:/foo/myjar.jar)
-				if (fileOrURL.indexOf(':') > 2)
-					throw mfurle;
-				throw fnfe;
-			}
-		}
-		if (bufferSize > 0)
-			is = new BufferedInputStream(is,bufferSize);
-
-		return is;
 	}
 }

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java?view=diff&rev=473828&r1=473827&r2=473828
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/sql/execute/JarUtil.java Sat Nov 11 15:11:56 2006
@@ -40,13 +40,15 @@
 import org.apache.derby.iapi.store.access.FileResource;
 import org.apache.derby.catalog.UUID;
 import org.apache.derby.iapi.services.io.FileUtil;
-import org.apache.derby.io.StorageFile;
 
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.sql.CallableStatement;
-import java.sql.Connection;
-import java.sql.SQLException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+
 
 class JarUtil
 {
@@ -97,7 +99,7 @@
 		InputStream is = null;
 		
 		try {
-			is = FileUtil.getInputStream(externalPath, 0);
+			is = openJarURL(externalPath);
 			return jutil.add(is);
 		} catch (java.io.IOException fnfe) {
 			throw StandardException.newException(SQLState.SQLJ_INVALID_JAR, fnfe, externalPath);
@@ -255,7 +257,7 @@
 		
 
 		try {
-			is = FileUtil.getInputStream(externalPath, 0);
+			is = openJarURL(externalPath);
 
 			return jutil.replace(is,purgeOnCommit);
 		} catch (java.io.IOException fnfe) {
@@ -343,4 +345,38 @@
 		ClassFactory cf = lcc.getLanguageConnectionFactory().getClassFactory();
 		cf.notifyModifyJar(reload);
 	}
+
+    /**
+     * Open an input stream to read a URL or a file.
+     * URL is attempted first, if the string does not conform
+     * to a URL then an attempt to open it as a regular file
+     * is tried.
+     * <BR>
+     * Attempting the file first can throw a security execption
+     * when a valid URL is passed in.
+     * The security exception is due to not have the correct permissions
+     * to access the bogus file path. To avoid this the order was reversed
+     * to attempt the URL first and only attempt a file open if creating
+     * the URL throws a MalformedURLException.
+     */
+    private static InputStream openJarURL(final String externalPath)
+        throws IOException
+    {
+        try {
+            return (InputStream) AccessController.doPrivileged
+            (new java.security.PrivilegedExceptionAction(){
+                
+                public Object run() throws IOException {    
+                    try {
+                        return new URL(externalPath).openStream();
+                    } catch (MalformedURLException mfurle)
+                    {
+                        return new FileInputStream(externalPath);
+                    }
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (IOException) e.getException();
+        }
+    }
 }