[ http://issues.apache.org/jira/browse/DERBY-626?page=all ]
Daniel John Debrunner resolved DERBY-626:
-----------------------------------------
Fix Version: 10.2.0.0
Resolution: Fixed
Changes for DERBY-615 that enable security manager by default show that the bug
is indeed fixed.
Trunk changes merged to 10.1 svn revision 330110.
> Booting embedded engine requires read permission to derby.jar be granted for
> all code in the stack
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-626
> URL: http://issues.apache.org/jira/browse/DERBY-626
> Project: Derby
> Type: Bug
> Components: Security, Services
> Versions: 10.1.1.0, 10.2.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Critical
> Fix For: 10.1.2.1, 10.2.0.0
>
> When running in a security manager the embedded engine uses
> ClassLoader.getResources() to obtain the set of modules.properties files.
> This method returns an empty set if running in a security manager and
> permission has not been granted to read derby.jar to all code in the stack,
> unless the method is executed in a privileged block.
> This is a regression early on in Derby's life and was not caught because of
> lack of testing under the security manager and was hidden by the need to
> grant read permission for DERBY-622.
> The embedded code does not need this permission to be granted since 'Note:
> code can always read a file from the same directory it's in (or a
> subdirectory of that directory); it does not need explicit permission to do
> so.'
> Need to re-factor code to ensure that the call to getResources and opening
> the resulting URL is all in a privileged block.
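
Added example, not Derby's code and not part of the original message: a sketch of the refactoring the issue asks for, with the getResources() call and the opening of each returned URL inside one privileged block. The class name, method name and resource name are hypothetical, and it assumes a JVM that still provides java.security.AccessController.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;

public final class PrivilegedModuleLoader {

    // Placeholder name (assumption): the issue only says "modules.properties files".
    // It is a constant, so callers cannot steer the privileged read to other resources.
    static final String RESOURCE = "modules.properties";

    /** Enumerates and reads every copy of RESOURCE visible to the given loader. */
    static List<Properties> loadAll(final ClassLoader loader) throws IOException {
        try {
            // Lookup and reads share one privileged block, so the permission check
            // stops at this class's protection domain instead of walking up into
            // callers that were never granted read access to the jar.
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<List<Properties>>) () -> {
                    List<Properties> found = new ArrayList<>();
                    Enumeration<URL> urls = loader.getResources(RESOURCE);
                    while (urls.hasMoreElements()) {
                        Properties p = new Properties();
                        try (InputStream in = urls.nextElement().openStream()) {
                            p.load(in);
                        }
                        found.add(p);
                    }
                    return found;
                });
        } catch (PrivilegedActionException e) {
            // IOException is the only checked exception the action can throw.
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        ClassLoader cl = PrivilegedModuleLoader.class.getClassLoader();
        System.out.println(loadAll(cl).size() + " resource file(s) read");
    }
}
```

Splitting the lookup and the openStream() calls across separate privileged blocks, or leaving either one outside, brings back the stack-wide permission check on whichever step is left unprivileged.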