You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ma...@apache.org on 2014/11/12 21:27:55 UTC
svn commit: r1639031 - in /db/derby/code/branches/10.10: ./
java/engine/org/apache/derby/impl/io/
java/testing/org/apache/derbyTesting/functionTests/tests/lang/
Author: mamta
Date: Wed Nov 12 20:27:54 2014
New Revision: 1639031
URL: http://svn.apache.org/r1639031
Log:
DERBY-5615(NPE in Store when running SELECT in a read-only database accessed via the classpath subprotocol when authentication, authorization, and Java security are turned on)
Backporting to 10.10
Modified:
db/derby/code/branches/10.10/ (props changed)
db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/CPFile.java
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
Propchange: db/derby/code/branches/10.10/
------------------------------------------------------------------------------
Merged /db/derby/code/trunk:r1582655,1582754
Modified: db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/CPFile.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/CPFile.java?rev=1639031&r1=1639030&r2=1639031&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/CPFile.java (original)
+++ db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/CPFile.java Wed Nov 12 20:27:54 2014
@@ -23,10 +23,16 @@ package org.apache.derby.impl.io;
import org.apache.derby.io.StorageFile;
+import java.io.IOException;
import java.io.InputStream;
import java.io.FileNotFoundException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.sql.SQLException;
/**
* This class provides a class path based implementation of the StorageFile interface. It is used by the
@@ -90,30 +96,32 @@ class CPFile extends InputStreamFile
*/
public InputStream getInputStream( ) throws FileNotFoundException
{
- //System.out.println("HERE FOR " + toString());
- InputStream is = null;
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- if (cl != null)
- is = cl.getResourceAsStream(path);
-
- // don't assume the context class loader is tied
- // into the class loader that loaded this class.
- if (is == null)
- {
- cl = getClass().getClassLoader();
- // Javadoc indicates implementations can use
- // null as a return from Class.getClassLoader()
- // to indicate the system/bootstrap classloader.
- if (cl != null)
- is = cl.getResourceAsStream(path);
- else
- is = ClassLoader.getSystemResourceAsStream(path);
- }
-
- if (is == null)
- throw new FileNotFoundException(toString());
- return is;
-
+ InputStream is = null;
+ ClassLoader cl = getContextClassLoader(Thread.currentThread());
+ if (cl != null) {
+ is = getResourceAsStream(cl, path);
+ }
+
+ // don't assume the context class loader is tied
+ // into the class loader that loaded this class.
+ if (is == null) {
+ cl = getClass().getClassLoader();
+ // Javadoc indicates implementations can use
+ // null as a return from Class.getClassLoader()
+ // to indicate the system/bootstrap classloader.
+ if (cl != null) {
+ is = getResourceAsStream(cl, path);
+ } else {
+ is = getSystemResourceAsStream(path);
+ }
+ }
+
+ if (is == null) {
+ throw new FileNotFoundException(toString());
+ }
+
+ return is;
+
} // end of getInputStream
/**
@@ -123,10 +131,10 @@ class CPFile extends InputStreamFile
*/
public URL getURL() {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ ClassLoader cl = getContextClassLoader(Thread.currentThread());
URL myURL;
if (cl != null) {
- myURL = cl.getResource(path);
+ myURL = getResource(cl, path);
if (myURL != null)
return myURL;
}
@@ -138,9 +146,71 @@ class CPFile extends InputStreamFile
// null as a return from Class.getClassLoader()
// to indicate the system/bootstrap classloader.
if (cl != null) {
- return cl.getResource(path);
+ return getResource(cl, path);
} else {
- return ClassLoader.getSystemResource(path);
+ return getSystemResource(path);
}
}
+
+ /** Privileged wrapper for {@code Thread.getContextClassLoader()}. */
+ private static ClassLoader getContextClassLoader(final Thread thread) {
+ ClassLoader classLoader = (ClassLoader) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return thread.getContextClassLoader();
+ }
+ });
+ return classLoader;
+ }
+
+ /** Privileged wrapper for {@code ClassLoader.getResource(String)}. */
+ private static URL getResource(
+ final ClassLoader cl, final String name) {
+ URL url = (URL) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return cl.getResource(name);
+ }
+ });
+ return url;
+ }
+
+ /** Privileged wrapper for {@code ClassLoader.getSystemResource(String)}. */
+ private static URL getSystemResource(final String name) {
+ URL url = (URL) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return ClassLoader.getSystemResource(name);
+ }
+ });
+ return url;
+ }
+
+ /**
+ * Privileged wrapper for {@code ClassLoader.getResourceAsStream(String)}.
+ */
+ private static InputStream getResourceAsStream(
+ final ClassLoader cl, final String name) {
+ InputStream is = (InputStream) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return cl.getResourceAsStream(name);
+ }
+ });
+ return is;
+ }
+
+ /**
+ * Privileged wrapper for
+ * {@code ClassLoader.getSystemResourceAsStream(String)}.
+ */
+ private static InputStream getSystemResourceAsStream(final String name) {
+ InputStream is = (InputStream) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return ClassLoader.getSystemResourceAsStream(name);
+ }
+ });
+ return is;
+ }
}
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java?rev=1639031&r1=1639030&r2=1639031&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java Wed Nov 12 20:27:54 2014
@@ -48,6 +48,7 @@ import junit.framework.TestSuite;
import org.apache.derby.iapi.services.info.JVMInfo;
+import org.apache.derbyTesting.functionTests.util.PrivilegedFileOpsForTests;
import org.apache.derbyTesting.junit.BaseJDBCTestCase;
import org.apache.derbyTesting.junit.CleanDatabaseTestSetup;
import org.apache.derbyTesting.junit.JDBC;
@@ -117,11 +118,10 @@ public class DatabaseClassLoadingTest ex
suite.addTest(new DatabaseClassLoadingTest(orderedTests[i]));
}
- suite.addTest(SecurityManagerSetup.noSecurityManager(
- new DatabaseClassLoadingTest("testDatabaseInJar")));
+ suite.addTest(new DatabaseClassLoadingTest("testDatabaseInJar"));
- suite.addTest(SecurityManagerSetup.noSecurityManager(
- new DatabaseClassLoadingTest("testDatabaseInClasspath")));
+ suite.addTest(
+ new DatabaseClassLoadingTest("testDatabaseInClasspath"));
// No security manager because the test uses getClass().getClassLoader()
// in an installed jar to ensure that the class loader for
@@ -635,7 +635,9 @@ public class DatabaseClassLoadingTest ex
public void testDatabaseInJar() throws SQLException
{
File jarFile = SupportFilesSetup.getReadOnly("dclt.jar");
- String dbName = "jar:(" + jarFile.getAbsolutePath() + ")dbro";
+ String dbName = "jar:(" +
+ PrivilegedFileOpsForTests.getAbsolutePath(jarFile) + ")dbro";
+
DataSource ds = JDBCDataSource.getDataSource(dbName);
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java?rev=1639031&r1=1639030&r2=1639031&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/lang/NativeAuthenticationServiceTest.java Wed Nov 12 20:27:54 2014
@@ -36,7 +36,6 @@ import org.apache.derbyTesting.junit.Cla
import org.apache.derbyTesting.junit.DatabaseChangeSetup;
import org.apache.derbyTesting.junit.JDBC;
import org.apache.derbyTesting.junit.JDBCDataSource;
-import org.apache.derbyTesting.junit.SecurityManagerSetup;
import org.apache.derbyTesting.junit.SupportFilesSetup;
import org.apache.derbyTesting.junit.SystemPropertyTestSetup;
import org.apache.derbyTesting.junit.TestConfiguration;
@@ -72,9 +71,6 @@ public class NativeAuthenticationService
private static final boolean DISABLE_AUTHORIZATION = true;
private static final boolean DONT_DISABLE_AUTH = false;
- private static final boolean DISABLE_JAVA_SECURITY = true;
- private static final boolean ENABLE_JAVA_SECURITY = false;
-
// fruits are legal users. nuts are not
private static final String DBO = "KIWI";
private static final String APPLE_USER = "APPLE";
@@ -157,7 +153,6 @@ public class NativeAuthenticationService
private final boolean _nativeAuthentication;
private final boolean _localAuthentication;
private final boolean _turnOffAuthenticationAndAuthorization;
- private final boolean _disableSecurityManager;
private String _credentialsDBPhysicalName;
@@ -183,8 +178,7 @@ public class NativeAuthenticationService
int credentialsDBLocation,
boolean nativeAuthentication,
boolean localAuthentication,
- boolean turnOffAuthenticationAndAuthorization,
- boolean disableSecurityManager
+ boolean turnOffAuthenticationAndAuthorization
)
{
super( "testAll" );
@@ -193,7 +187,6 @@ public class NativeAuthenticationService
_nativeAuthentication = nativeAuthentication;
_localAuthentication = localAuthentication;
_turnOffAuthenticationAndAuthorization = turnOffAuthenticationAndAuthorization;
- _disableSecurityManager = disableSecurityManager;
}
///////////////////////////////////////////////////////////////////////////////////
@@ -328,14 +321,11 @@ public class NativeAuthenticationService
String authOverrides = _turnOffAuthenticationAndAuthorization ?
"Authentication/Authorization turned OFF, " :
"Authentication/Authorization DEFAULT, ";
- String securityManager = _disableSecurityManager ?
- "SecurityManager OFF, " :
- "SecurityManager ON, ";
String embedded = isEmbedded() ?
"Embedded" :
"Client/Server";
- return "[ " + dbLocation + authType + local + authOverrides + securityManager + embedded + " ]";
+ return "[ " + dbLocation + authType + local + authOverrides + embedded + " ]";
}
/** Return true if the test is running embedded */
@@ -367,7 +357,7 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( JAR_ENCRYPTED, NATIVE, LOCAL, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( JAR_ENCRYPTED, NATIVE, LOCAL, DONT_DISABLE_AUTH )
).decorate( false )
);
}
@@ -401,7 +391,7 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( NONE, NO_AUTH, SYSTEM_WIDE, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( NONE, NO_AUTH, SYSTEM_WIDE, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
@@ -412,14 +402,14 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( FILE, NATIVE, LOCAL, DISABLE_AUTHORIZATION, ENABLE_JAVA_SECURITY )
+ ( FILE, NATIVE, LOCAL, DISABLE_AUTHORIZATION )
).decorate( clientServer )
);
suite.addTest
(
(
new NativeAuthenticationServiceTest
- ( FILE, NATIVE, LOCAL, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( FILE, NATIVE, LOCAL, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
@@ -430,14 +420,14 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( FILE, NATIVE, SYSTEM_WIDE, DISABLE_AUTHORIZATION, ENABLE_JAVA_SECURITY )
+ ( FILE, NATIVE, SYSTEM_WIDE, DISABLE_AUTHORIZATION )
).decorate( clientServer )
);
suite.addTest
(
(
new NativeAuthenticationServiceTest
- ( FILE, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( FILE, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
@@ -453,14 +443,14 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( JAR, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( JAR, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
suite.addTest
(
(
new NativeAuthenticationServiceTest
- ( JAR, NATIVE, LOCAL, DONT_DISABLE_AUTH, ENABLE_JAVA_SECURITY )
+ ( JAR, NATIVE, LOCAL, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
@@ -471,14 +461,14 @@ public class NativeAuthenticationService
(
(
new NativeAuthenticationServiceTest
- ( CLASSPATH, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH, DISABLE_JAVA_SECURITY )
+ ( CLASSPATH, NATIVE, SYSTEM_WIDE, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
suite.addTest
(
(
new NativeAuthenticationServiceTest
- ( CLASSPATH, NATIVE, LOCAL, DONT_DISABLE_AUTH, DISABLE_JAVA_SECURITY )
+ ( CLASSPATH, NATIVE, LOCAL, DONT_DISABLE_AUTH )
).decorate( clientServer )
);
} // end if !onWindows()
@@ -499,8 +489,6 @@ public class NativeAuthenticationService
Test result = this;
- if ( _disableSecurityManager ) { result = SecurityManagerSetup.noSecurityManager( result ); }
-
//
// Putting the clientServer decorator on the inside allows the server-side
// embedded driver to be re-registered after engine shutdown. If you put
@@ -876,11 +864,8 @@ public class NativeAuthenticationService
// database accessed via jar subprotocol
vetProtocol( jarDBName( _credentialsDBLocation ) );
- //
- // We only use the classpath subprotocol if we are not running under a security manager.
- // We may be able to remove that restriction after DERBY-5615 is fixed.
- //
- if ( _disableSecurityManager ) { vetProtocol( classpathDBName() ); }
+ // database accessed via classpath subprotocol
+ vetProtocol( classpathDBName() );
}
///////////////////////////////////////////////////////////////////////////////////