Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6626

Check type of user-supplied modules before creating instances

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.11.1.1
    • Fix Version/s: 10.11.1.1
    • Component/s: Miscellaneous
    • Labels:
      None

      Description

      Derby allows users to specify names of classes to use for various pluggable modules.

      In some cases, it verifies that the class implements the expected interface before it creates an instance of the class. For example in SpecificAuthenticactionServiceImpl:

      			Class sasClass = Class.forName(specificAuthenticationScheme);
      			if (!UserAuthenticator.class.isAssignableFrom(sasClass)) {
      				throw StandardException.newException(SQLState.AUTHENTICATION_NOT_IMPLEMENTED,
      					specificAuthenticationScheme, "org.apache.derby.authentication.UserAuthenticator");
      			}
      
      			UserAuthenticator aScheme = (UserAuthenticator) sasClass.newInstance();
      

      In other cases, it creates an instance without checking, and instead fails with a ClassCastException or some other exception when trying to use the instance of the incorrect type. Examples: Java5SystemProcedures SYSCS_REGISTER_TOOL(), JCECipherFactory, SequenceUpdater.makePreallocator().

      I think it would be good to have similar checks in these other cases too. That'll give clearer error messages which explain what the problem is, and it will be safer because it limits which constructors the users can force the Derby engine to invoke.

        Attachments

        1. d6626-1a-encryptionProvider.diff
          13 kB
          Knut Anders Hatlen
        2. d6626-2a.diff
          10 kB
          Knut Anders Hatlen
        3. d6626-3a-custom-tools.diff
          6 kB
          Knut Anders Hatlen

          Activity

            People

            • Assignee:
              knutanders Knut Anders Hatlen
              Reporter:
              knutanders Knut Anders Hatlen
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: