[cassandra] branch trunk updated: thread aware sec manager fix for jar based loaders

Wed, 12 Feb 2020 11:35:12 -0800 

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new c76a3a9  thread aware sec manager fix for jar based loaders
c76a3a9 is described below

commit c76a3a940dc46e6f09d26b2f6d6b24020157fc0d
Author: gus <[email protected]>
AuthorDate: Thu Feb 6 11:09:18 2020 -0500

    thread aware sec manager fix for jar based loaders
    
    Patch by Gus Heck, reviewed by brandonwilliams for CASSANDRA-15494
---
 CHANGES.txt                                                    |  1 +
 .../apache/cassandra/security/ThreadAwareSecurityManager.java  | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 6235046..82e69e0 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 4.0-alpha4
+ * allow embedded cassandra launched from a one-jar or uno-jar 
(CASSANDRA-15494)
  * Update hppc library to version 0.8.1 (CASSANDRA-12995)
  * Limit the dependencies used by UDFs/UDAs (CASSANDRA-14737)
  * Make native_transport_max_concurrent_requests_in_bytes updatable 
(CASSANDRA-15519)
diff --git 
a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java 
b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
index 6500c8f..86c8b5b 100644
--- a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java
@@ -110,7 +110,11 @@ public final class ThreadAwareSecurityManager extends 
SecurityManager
 
                 switch (codesource.getLocation().getProtocol())
                 {
-                    case "file":
+                    case "jar":   // One-JAR or Uno-Jar source
+                        if 
(!codesource.getLocation().getPath().startsWith("file:")) {
+                            return perms;
+                        } // else fall through and add AllPermission()
+                    case "file":  // Standard file system source
                         // All JARs and class files reside on the file system 
- we can safely
                         // assume that these classes are "good".
                         perms.add(new AllPermission());
@@ -133,7 +137,9 @@ public final class ThreadAwareSecurityManager extends 
SecurityManager
 
                 switch (codesource.getLocation().getProtocol())
                 {
-                    case "file":
+                    case "jar":   // One-JAR or Uno-Jar source
+                        return 
codesource.getLocation().getPath().startsWith("file:");
+                    case "file":  // Standard file system source
                         // All JARs and class files reside on the file system 
- we can safely
                         // assume that these classes are "good".
                         return true;


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to