Posted to commits@cassandra.apache.org by br...@apache.org on 2020/02/12 19:34:37 UTC

[cassandra] branch trunk updated: thread aware sec manager fix for jar based loaders

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new c76a3a9  thread aware sec manager fix for jar based loaders
c76a3a9 is described below

commit c76a3a940dc46e6f09d26b2f6d6b24020157fc0d
Author: gus <gu...@needhamsoftware.com>
AuthorDate: Thu Feb 6 11:09:18 2020 -0500

    thread aware sec manager fix for jar based loaders
    
    Patch by Gus Heck, reviewed by brandonwilliams for CASSANDRA-15494
---
 CHANGES.txt                                                    |  1 +
 .../apache/cassandra/security/ThreadAwareSecurityManager.java  | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 6235046..82e69e0 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 4.0-alpha4
+ * allow embedded cassandra launched from a one-jar or uno-jar (CASSANDRA-15494)
  * Update hppc library to version 0.8.1 (CASSANDRA-12995)
  * Limit the dependencies used by UDFs/UDAs (CASSANDRA-14737)
  * Make native_transport_max_concurrent_requests_in_bytes updatable (CASSANDRA-15519)
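
Review bot: The new CHANGES.txt entry starts with a lowercase "allow" and writes "cassandra" in lowercase, while the neighbouring entries open with a capitalised verb ("Update", "Limit", "Make"). Suggest " * Allow embedded Cassandra to be launched from a One-JAR or Uno-Jar (CASSANDRA-15494)", which also matches the spelling used in the code comments of this patch.
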
diff --git a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
index 6500c8f..86c8b5b 100644
--- a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
@@ -110,7 +110,11 @@ public final class ThreadAwareSecurityManager extends SecurityManager
 
                 switch (codesource.getLocation().getProtocol())
                 {
-                    case "file":
+                    case "jar":   // One-JAR or Uno-Jar source
+                        if (!codesource.getLocation().getPath().startsWith("file:")) {
+                            return perms;
+                        } // else fall through and add AllPermission()
+                    case "file":  // Standard file system source
                         // All JARs and class files reside on the file system - we can safely
                         // assume that these classes are "good".
                         perms.add(new AllPermission());
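
Review bot: In the new `jar` case the grant of AllPermission rests on `getPath().startsWith("file:")`, and nothing in the hunk says why that prefix is sufficient. A short comment stating that the path of a `jar:` location carries the URL of the enclosing archive, so the test asks whether that archive sits on the local file system, would make the trust decision reviewable. The existing comment under `case "file":` ("All JARs and class files reside on the file system") is now also reached by fall-through and should be reworded to cover both cases. The `if (...) {` brace placement also differs from the brace-on-its-own-line style of the surrounding switch.
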
@@ -133,7 +137,9 @@ public final class ThreadAwareSecurityManager extends SecurityManager
 
                 switch (codesource.getLocation().getProtocol())
                 {
-                    case "file":
+                    case "jar":   // One-JAR or Uno-Jar source
+                        return codesource.getLocation().getPath().startsWith("file:");
+                    case "file":  // Standard file system source
                         // All JARs and class files reside on the file system - we can safely
                         // assume that these classes are "good".
                         return true;
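
Review bot: The `startsWith("file:")` test in this `jar` case repeats the one in the previous hunk, so the permission set built there and the boolean returned here can drift apart if only one of them is changed later. Suggest moving the test into one private helper used by both switches. The diffstat lists only CHANGES.txt and ThreadAwareSecurityManager.java, so no test file is touched; a unit test that feeds both switches a `jar:` location with and without a `file:` path would pin the new behaviour.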

