[
https://issues.apache.org/jira/browse/DERBY-3547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16658027#comment-16658027
]
Rick Hillegas commented on DERBY-3547:
--------------------------------------
The situation has gotten considerably worse over the last decade. Now we a
great number of these test policy files.
Here's what makes sense to me:
1) We should create a derbyBuild utility which generates policy files during
Derby compilation.
2) The utility should be driven by a descriptor, which describes each policy
file.
3) In the descriptor, it should be possible to say that a given policy can be
constructed from a parent policy by adding or subtracting permissions. This
will be very useful in describing the test policy files.
4) There should be a template policy file for most of the published
configurations (see the public API javadoc for a list of these configurations).
That means that we have a separate template policy for the shared module, for
the embedded engine, for the server, for the remote client, for tests, and for
optional tests.
> Create a utility that generates a security policy file for Derby's tests
> ------------------------------------------------------------------------
>
> Key: DERBY-3547
> URL: https://issues.apache.org/jira/browse/DERBY-3547
> Project: Derby
> Issue Type: Improvement
> Components: Test
> Reporter: Daniel John Debrunner
> Priority: Minor
>
> With the number of current test policy files it is becoming a pain to
> remember to modify all of them when needed to add a new permission.
> In addition with JMX, SystemPermission (and DatabasePermission) support,
> testing of fine-grained permissions will become unmanagable if a new policy
> file is needed for every combination.
> I suggest a java utility that can be used in a test decorator to create a set
> of permissions that can then be modified before creating a real policy file
> and pointing the security manager to it. I imagine an api like:
> TestPolicy() - constructor creates a set of permissions that corresponds to
> the current derby_tests.policy (or similar)
> The object supports a number of code bases, corresponding to the current
> jars, e.g.
> derby, derbynet, derbytools,derbyclient,ant,emma, junit,
> removeCodebase(String code) - remove all the permissions for a given code
> base. Allows specific testing, e.g. with just client tests don't have
> permissions for any other jars.
> removePermission(String code, Permission permission) - remove a single
> permission from a code base - allows negative testing, what happens if this
> permission is not available.
> addPermission(String code, Permission permission) - add a permission into the
> code base
> writePolicyFile(PrintStream out) - write the policy file out
> This would also stop the need for derby_tests.policy to have a jar and
> classes section with duplicated information, TestPolicy would just create the
> grant code blocks with the correct code location.
> TestPolicy could obviously be expanded as new needs appear, eg. Principal
> testing.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
