Derby
  1. Derby
  2. DERBY-537

SQLJ.INSTALL_JAR and SQLJ.UPDATE_JAR fail when running with a SecurityManager enabled.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 10.1.1.0
    • Fix Version/s: 10.1.3.2, 10.2.2.1, 10.3.1.4
    • Component/s: SQL
    • Labels:
      None
    • Bug behavior facts:
      Security

      Description

      Seen if running the lang/dcl.sql test with a SecurityManager. Accessing the jar file is not within a priviledged block.

      1. derby-537_10_1_diff.txt
        49 kB
        Kathey Marsden
      2. derby-537_10.2_diff.txt
        50 kB
        Kathey Marsden
      3. derby-537_10.2_stat.txt
        1 kB
        Kathey Marsden

        Activity

        Hide
        Daniel John Debrunner added a comment -

        Committed revision 473828 to read the jar file in a privileged block.
        Still exceptions are thrown with install_jar and replace_jar as writing the jar file into the database jar folder seems to not be under a privileged block.

        Show
        Daniel John Debrunner added a comment - Committed revision 473828 to read the jar file in a privileged block. Still exceptions are thrown with install_jar and replace_jar as writing the jar file into the database jar folder seems to not be under a privileged block.
        Hide
        Daniel John Debrunner added a comment -

        Committed revision 483738

        Show
        Daniel John Debrunner added a comment - Committed revision 483738
        Hide
        Kathey Marsden added a comment -

        reopen for backport

        Show
        Kathey Marsden added a comment - reopen for backport
        Hide
        Kathey Marsden added a comment -

        This is a port of DERBY-537 and DERBY-538 to 10.2. Changes ported were 387324,473416,473440,473780,473828,473834,474376,482812,482850,483108,483148,483160,483738,484722,543524
        Enabled dblook_test.java with security manager to test installation of jar with security manager.
        I am running derbyall now and will commit tomorrow if all goes well.

        Kathey

        Show
        Kathey Marsden added a comment - This is a port of DERBY-537 and DERBY-538 to 10.2. Changes ported were 387324,473416,473440,473780,473828,473834,474376,482812,482850,483108,483148,483160,483738,484722,543524 Enabled dblook_test.java with security manager to test installation of jar with security manager. I am running derbyall now and will commit tomorrow if all goes well. Kathey
        Hide
        Daniel John Debrunner added a comment -

        Good to have some descriptive comment of how you arrived at that list of changes for the 10.2 backport, since it seems to be a sub-set of the ones listed for the two bugs.

        Show
        Daniel John Debrunner added a comment - Good to have some descriptive comment of how you arrived at that list of changes for the 10.2 backport, since it seems to be a sub-set of the ones listed for the two bugs.
        Hide
        Kathey Marsden added a comment -

        I ported all the code changes (I think!) but not all the test changes, because of major test restructuring like the introduction of the JUnit testing infrastructure. I enabled security manager for the dblook_test to test the change in 10.2. If this goes back to 10.1 then I will probably have to test manually or add a network server test since we only test network server under security manager for 10.1

        Show
        Kathey Marsden added a comment - I ported all the code changes (I think!) but not all the test changes, because of major test restructuring like the introduction of the JUnit testing infrastructure. I enabled security manager for the dblook_test to test the change in 10.2. If this goes back to 10.1 then I will probably have to test manually or add a network server test since we only test network server under security manager for 10.1
        Hide
        Kathey Marsden added a comment -

        One question I have about the port is whether the removal of JarFileJava2.java is appropriate for the 10.2 branch. I am running tests with jdk131 to make sure it doesn't create a problem.

        Kathey

        Show
        Kathey Marsden added a comment - One question I have about the port is whether the removal of JarFileJava2.java is appropriate for the 10.2 branch. I am running tests with jdk131 to make sure it doesn't create a problem. Kathey
        Hide
        Kathey Marsden added a comment -

        1.3.1 tests passed with only known failures. So, I will go ahead and check this in in an hour or so unless anyone has comments on the patch.

        Kathey

        Show
        Kathey Marsden added a comment - 1.3.1 tests passed with only known failures. So, I will go ahead and check this in in an hour or so unless anyone has comments on the patch. Kathey
        Hide
        Kathey Marsden added a comment -

        Here is the 10.1 patch. Running tests now.

        Show
        Kathey Marsden added a comment - Here is the 10.1 patch. Running tests now.
        Hide
        Myrna van Lunteren added a comment -

        I don't see anything bad in testing as a result of this. Marking resolved.

        Show
        Myrna van Lunteren added a comment - I don't see anything bad in testing as a result of this. Marking resolved.
        Hide
        Kathey Marsden added a comment -

        reclosing this issue

        Show
        Kathey Marsden added a comment - reclosing this issue

          People

          • Assignee:
            Daniel John Debrunner
            Reporter:
            Daniel John Debrunner
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development