Derby
  1. Derby
  2. DERBY-3614

Granted SystemPermissions are ignored when granted later with same target and different action

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.4.1.3
    • Fix Version/s: None
    • Component/s: Miscellaneous
    • Environment:
      Security Manager installed, custom policy file
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      org.apache.derby.security.SystemPermission represents access to system-wide Derby privileges, such as privileges relating to JMX management and monitoring. A system permission is identified by a name (aka. "target") and optionally an action associated with that name. SystemPermission extends java.security.BasicPermission. See also DERBY-3491.

      If a SystemPermission is granted for the same target (name) more than once in a set of policy files loaded by the security manager, the last entry seems to overwrite any previous entries, potentially causing SecurityExceptions. Details follow.

      The currently accepted targets are: engine, server, jmx
      The currently accepted actions are: monitor, control, shutdown

      If a policy file specifies e.g.

      grant

      { permission org.apache.derby.security.SystemPermission "server", "monitor"; permission org.apache.derby.security.SystemPermission "server", "control"; }

      then the first ("server", "monitor") permission is ignored when the permission checks are actually performed by the security manager.

      No documentation currently specifies the behavior of SystemPermission in such cases. It seems that the most common and least error-prone way of handling this is to accept each permission grant entry unless there is a conflict between the entries (in which case the result should be well defined and documented).

      Current behavior seems unintuitive and is contrary to the behavior of similar permissions available in the Java platform, e.g. java.util.PropertyPermission which also extends java.security.BasicPermission. For example, the following grants both "read" and "write" permissions to all Principals and codebases:

      grant

      { permission java.util.PropertyPermission "my.sysprop", "write"; permission java.util.PropertyPermission "my.sysprop", "read"; }

      A workaround is to make sure that the same permission/target is not specified more than once within a set of policy files. If more than one action needs to be granted for the same target, the following syntax will work:

      grant

      { permission org.apache.derby.security.SystemPermission "server", "monitor,control"; }

        Issue Links

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              John H. Embretsen
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Development