Posted to derby-commits@db.apache.org by km...@apache.org on 2007/10/18 20:25:36 UTC

svn commit: r586052 - /db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java

Author: kmarsden
Date: Thu Oct 18 11:25:35 2007
New Revision: 586052

URL: http://svn.apache.org/viewvc?rev=586052&view=rev
Log:
DERBY-3126 Do not run negative scale test with jdk1.4.2


Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java?rev=586052&r1=586051&r2=586052&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java Thu Oct 18 11:25:35 2007
@@ -37,6 +37,11 @@
 
 
 import java.util.Properties;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.sql.SQLException;
 
 /**
@@ -170,7 +175,10 @@
 			// Connect & authenticate (bind) to the LDAP server now
 
 			// it is happening right here
-			DirContext ctx = new InitialDirContext(env);
+
+            DirContext ctx =   privInitialDirContext(env);
+          
+            
 
 			// if the above was successfull, then username and
 			// password must be correct
@@ -189,7 +197,33 @@
 		throw getLoginSQLException(e);
 	}
 
-	/**
+	
+
+    /**
+     * Call new InitialDirContext in a privilege block
+     * @param env environment used to create the initial DirContext. Null indicates an empty environment.
+     * @return an initial DirContext using the supplied environment. 
+     */
+    private DirContext privInitialDirContext(final Properties env) throws NamingException {
+        try {
+            return ((InitialDirContext)AccessController.doPrivileged(
+                    new PrivilegedExceptionAction() {
+                        public Object run() throws SecurityException, NamingException {
+                            return new InitialDirContext(env);
+                    }
+                }));
+    } catch (PrivilegedActionException pae) {
+            Exception e = pae.getException();
+       
+            if (e instanceof NamingException)
+                    throw (NamingException)e;
+            else
+                throw (SecurityException)e;
+        }   
+   
+    }   
+
+    /**
 	 * This method basically tests and sets default/expected JNDI properties
 	 * for the JNDI provider scheme (here it is LDAP).
 	 *
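Review bot: The `else throw (SecurityException)e;` branch in privInitialDirContext cannot do what it appears to do: doPrivileged wraps only checked exceptions in PrivilegedActionException, so a SecurityException raised by `new InitialDirContext(env)` propagates directly and never reaches this catch. Since run() declares NamingException as its only checked exception, the catch body can be reduced to `throw (NamingException) pae.getException();`, which removes a branch whose only possible effect is a ClassCastException hiding the real cause. The Javadoc should gain `@throws NamingException` and a sentence stating that the bind runs with the engine's own permissions rather than the caller's, so the method has to stay private and `env` should be built only from Derby's own configuration. The same helper replaces the direct constructor call in the hunks at -170 and -389, so the point applies to both call sites.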
@@ -353,15 +387,51 @@
 		{
 			if (SanityManager.DEBUG_ON(
 						AuthenticationServiceBase.AuthenticationTrace)) {
-				try {
-					initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
-								new java.io.FileOutputStream("CloudLDAP.out"));
-				} catch (java.io.IOException ie) {}
+                             
+                                // This tracing needs some investigation and cleanup.
+                                // 1) It creates the file in user.dir instead of derby.system.home
+                                // 2) It doesn't seem to work. The file is empty after successful
+                                //    and unsuccessful ldap connects.  Perhaps the fileOutputStream
+                                // is never flushed and closed.
+                                // I (Kathey Marsden) wrapped this in a priv block and kept the previous
+                                // behaviour that it will not stop processing if file 
+                                // creation fails. Perhaps that should be investigated as well.
+                                FileOutputStream fos = null;
+                                try {
+                                    fos = privNewFileOutputStream("DerbyLDAP.out");
+                                } catch (Exception e) {
+                                    // If file creation fails do not stop execution.
+                                }
+                                if (fos != null)
+                                    initDirContextEnv.put("com.sun.naming.ldap.trace.ber",fos);
+
+				
 			}
 		}
 	}
 
 	/**
+     * Construct a new FileOutputStream in a privilege block.
+     * 
+	 * @param fileName Filename to create
+	 * @return 
+	 * @throws IOException
+	 */
+	private FileOutputStream privNewFileOutputStream(final String fileName) throws IOException{
+	    try {
+            return ((FileOutputStream)AccessController.doPrivileged(
+                        new PrivilegedExceptionAction() {
+                            public Object run() throws SecurityException, java.io.IOException {
+                                return new  FileOutputStream(fileName);
+                            }
+                        }));
+        } catch (PrivilegedActionException pae) {
+            throw (SecurityException)pae.getException();
+        }
+    }
+	
+
+	/**
 	 * Search for the full user's DN in the LDAP server.
 	 * LDAP server bind may or not be anonymous.
 	 *
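Review bot: In privNewFileOutputStream the catch does `throw (SecurityException)pae.getException();`, but the exception wrapped here is the checked IOException from `new FileOutputStream(fileName)` (an unchecked SecurityException is never wrapped), so the cast itself fails with ClassCastException; it should be `throw (IOException) pae.getException();`. The caller's `catch (Exception e)` swallows everything, which is why the wrong cast goes unnoticed on the failure path. The empty `@return` tag should be filled in, and because the method opens an arbitrary path under the engine's permissions it should remain private and be called only with constant file names, which the Javadoc should say. Separately, the BER trace presumably records the bind exchange, including the password for simple authentication, so the comment block above the call would do well to note that the file needs a restricted location and that the stream is never closed.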
@@ -389,7 +459,7 @@
 		else
 			env = initDirContextEnv;
 
-		DirContext ctx = new InitialDirContext(env);
+		DirContext ctx = privInitialDirContext(env);
 
 		// Construct Search Filter
 		SearchControls ctls = new SearchControls();