You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Martin Zaun (JIRA)" <ji...@apache.org> on 2008/05/29 09:00:45 UTC

[jira] Updated: (DERBY-3531) DatabasePermission uses a JDK 1.4 method that is not present in J2ME/CDC/Foundation.

     [ https://issues.apache.org/jira/browse/DERBY-3531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Zaun updated DERBY-3531:
-------------------------------

    Attachment: DERBY-3531-0.diff
                DERBY-3531-0.stat


The patch DERBY-3531-0 addresses the issue with DatabasePermission using
the JDK 1.4 method String.split(), which is not available under the JSR169.

Before committing, it would be good to have these changes tested against a
JSR169 platform to be sure they're effective and don't cause other issues.

I'm currently running derbyall and junit-all and will report back on the
results (looking good so far).

Summary of changes:

1) Added a method split(String, char) to iapi/util/StringUtil.java using
   StringTokenizer for its implementation.

2) Changed security/DatabasePermission.java to use StringUtil.split()
   instead of String.split().

3) Fixed and extended unitTests/junit/SystemPrivilegesPermissionTest.java:

   - Reactivated the DatabasePermission API test testDatabasePermission();
     this tests requires an all-files-read-permission for canonicalization
     of diverse directory path names.

   - Therefore, added a 2nd policy SystemPrivilegesPermissionTest1.policy,
     granting the all-files-read-permission; please, note the duplication
     of information between the unit tests two policy files (unfortunately,
     there's no "include" mechanism for .policy files).

     An alternative would have been to modify the global derby_tests.policy
     for the extended FilePermission just for the purpose of this unit test.

   - Changed TestSuite construction from using automated test extraction
     to manually added tests and added testDatabasePermission() to run with
     its own SystemPrivilegesPermissionTest1.policy.

   - Added the authorization test policyTestDatabasePermissionGrants() to
     the suite under condition that JVM_HAS_SUBJECT_AUTHORIZATION.

   - Some cleanups in this test's .policy files, mainly moving all
     permissions from a universal grant{} block to the individual codebase
     sections.

   - Some cleanups in this unit test's .java files.

With the above changes, we can unit-test DatabasePermission on the classes/
directory, but it won't be included in derby.jar and therefore not run on
jar files.

However, a prerequisite for DERBY-3495 (Enable System Privileges checks)
is to reactivate the use of DatabasePermission in EmbedConnection.java
anyway.  This step will result in the inclusion of DatabasePermission in
derby.jar -- and with the above changes 1)-3) shouldn't disrupt the tests
on a JSR169 platform anymore.

Therefore:

4) Added the use of DatabasePermission to impl/jdbc/EmbedConnection.java:

   - Added the authorization check method checkDatabaseCreatePrivileges()
     (and helper stripSubSubProtocolPrefix()), left out when committing
     the bulk of the System Privileges patch from DERBY-2109 due to the
     String.split() problems on JSR169.

   - Please, note that the invocation of checkDatabaseCreatePrivileges()
     remains still commented out and has to be activated as part of
     DERBY-3495.

   - Note that checkDatabaseCreatePrivileges() needs to call the abstract
     method InternalDriver.checkSystemPrivileges().

5) Hence, changed in jdbc/InternalDriver.java the access modifier of
   the abstract method checkSystemPrivileges(String, Permission) from
   package-local back to public (as it was suggested in DERBY-2109, but
   didn't get committed this way).

6) Adjusted implementations in jdbc/Driver169.java and jdbc/Driver20.java
   for the public access modifier of checkSystemPrivileges().

I'll add a note to DERBY-3495 about the changes 4)-6).


> DatabasePermission uses a JDK 1.4 method that is not present in J2ME/CDC/Foundation.
> ------------------------------------------------------------------------------------
>
>                 Key: DERBY-3531
>                 URL: https://issues.apache.org/jira/browse/DERBY-3531
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security
>            Reporter: Daniel John Debrunner
>            Assignee: Martin Zaun
>         Attachments: DERBY-3531-0.diff, DERBY-3531-0.stat
>
>
> causes abstract method errors once the class is used to check for database creation.
> From memory the method is String.split.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.