[DERBY-6626] Check type of user-supplied modules before creating instances - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.11.1.1
Fix Version/s: 10.11.1.1
Component/s: Miscellaneous
Labels:
None

Description

Derby allows users to specify names of classes to use for various pluggable modules.

In some cases, it verifies that the class implements the expected interface before it creates an instance of the class. For example in SpecificAuthenticactionServiceImpl:

			Class sasClass = Class.forName(specificAuthenticationScheme);
			if (!UserAuthenticator.class.isAssignableFrom(sasClass)) {
				throw StandardException.newException(SQLState.AUTHENTICATION_NOT_IMPLEMENTED,
					specificAuthenticationScheme, "org.apache.derby.authentication.UserAuthenticator");
			}

			UserAuthenticator aScheme = (UserAuthenticator) sasClass.newInstance();

In other cases, it creates an instance without checking, and instead fails with a ClassCastException or some other exception when trying to use the instance of the incorrect type. Examples: Java5SystemProcedures SYSCS_REGISTER_TOOL(), JCECipherFactory, SequenceUpdater.makePreallocator().

I think it would be good to have similar checks in these other cases too. That'll give clearer error messages which explain what the problem is, and it will be safer because it limits which constructors the users can force the Derby engine to invoke.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

d6626-1a-encryptionProvider.diff
01/Jul/14 10:51
13 kB
Knut Anders Hatlen
d6626-2a.diff
04/Jul/14 07:07
10 kB
Knut Anders Hatlen
d6626-3a-custom-tools.diff
07/Jul/14 08:04
6 kB
Knut Anders Hatlen

Activity

People

Assignee:: Knut Anders Hatlen

Reporter:: Knut Anders Hatlen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 19/Jun/14 12:32

Updated:: 09/Sep/16 09:51

Resolved:: 09/Jul/14 11:07