[ https://issues.apache.org/jira/browse/DERBY-6224?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13669135#comment-13669135 ]

Knut Anders Hatlen commented on DERBY-6224:
-------------------------------------------

I think at the very least we need to add the permission to the policy files 
used by the tests so that the tests will go through on JDK 8. Also, we should 
add the permission to the default policy file that gets installed if the 
network server is started from the command line, as the permission will be 
needed when shutting down the server. And we should document that this 
permission is needed.

We may also want to wrap the calls to DriverManager.deregisterDriver() from 
AutoloadedDriver.unregisterDriverModule() in a doPrivileged block. Then it 
would be sufficient to grant the extra permission to derby.jar, and it would 
not be necessary to grant it to code that invokes Derby system shutdown without 
the deregister=false attribute. On the other hand, not wrapping the calls in a 
doPrivileged block would give more fine-grained control over who is allowed to 
invoke system shutdown without deregister=false. But then again, if we skip the 
doPrivileged blocks in AutoloadedDriver.unregisterDriverModule() and require 
the calling code to have permission to deregister drivers, the calling code 
will be allowed to deregister any driver by calling 
DriverManager.deregisterDriver(). If we have doPrivileged blocks in 
AutoloadedDriver and only grant the permission to derby.jar, the calling code 
will only be able to deregister the Derby embedded driver indirectly via a call 
to DriverManager.getConnection("jdbc:derby:;shutdown=true"). It will not be 
able to deregister any registered JDBC driver on the system.

So I guess I'm leaning towards wrapping AutoloadedDriver's calls to 
deregisterDriver() in a doPrivileged block and only requiring derby.jar to have 
the extra permission. System privileges (DERBY-2109) is probably a better 
mechanism for limiting who is allowed to invoke a system shutdown.
                
> Many test failures on latest JDK 8 EA build because of missing SQLPermission
> ----------------------------------------------------------------------------
>
>                 Key: DERBY-6224
>                 URL: https://issues.apache.org/jira/browse/DERBY-6224
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions: 10.11.0.0
>         Environment: java version "1.8.0-ea"
> Java(TM) SE Runtime Environment (build 1.8.0-ea-b89)
> Java HotSpot(TM) 64-Bit Server VM (build 25.0-b31, mixed mode)
>            Reporter: Knut Anders Hatlen
>
> With the latest EA build of JDK 8 (build 1.8.0-ea-b89), I see many failures 
> in suites.All. For example:
> 1) testStartNetworkServerFalse(org.apache.derbyTesting.functionTests.tests.derbynet.DerbyNetAutoStartTest)java.security.AccessControlException: access denied ("java.sql.SQLPermission" "deregisterDriver")
>       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:364)
>       at java.security.AccessController.checkPermission(AccessController.java:562)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>       at java.sql.DriverManager.deregisterDriver(DriverManager.java:399)
>       at org.apache.derby.jdbc.AutoloadedDriver.unregisterDriverModule(AutoloadedDriver.java:263)
>       at org.apache.derby.jdbc.Driver20.stop(Driver20.java:105)
>       at org.apache.derby.impl.services.monitor.TopService.stop(TopService.java:443)
>       at org.apache.derby.impl.services.monitor.TopService.shutdown(TopService.java:394)
>       at org.apache.derby.impl.services.monitor.BaseMonitor.shutdown(BaseMonitor.java:227)
>       at org.apache.derby.impl.services.monitor.FileMonitor.shutdown(FileMonitor.java:44)
>       at org.apache.derby.impl.services.monitor.BaseMonitor.shutdown(BaseMonitor.java:197)
>       at org.apache.derby.impl.services.monitor.FileMonitor.shutdown(FileMonitor.java:44)
>       at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:255)
>       at org.apache.derby.jdbc.Driver20.connect(Driver20.java:246)
>       at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:145)
>       at java.sql.DriverManager.getConnection(DriverManager.java:661)
>       at java.sql.DriverManager.getConnection(DriverManager.java:208)
>       at org.apache.derbyTesting.junit.DriverManagerConnector.getConnectionByAttributes(DriverManagerConnector.java:204)
>       at org.apache.derbyTesting.junit.DriverManagerConnector.shutEngine(DriverManagerConnector.java:171)
>       at org.apache.derbyTesting.junit.TestConfiguration.shutdownEngine(TestConfiguration.java:1822)
>       at org.apache.derbyTesting.functionTests.tests.derbynet.DerbyNetAutoStartTest.setUp(DerbyNetAutoStartTest.java:82)
>       at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:117)
>       at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:439)
>       at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:456)
>
> What's new in EA build 89 is that DriverManager.deregisterDriver() now 
> requires an SQLPermission when running under a security manager. Most of 
> suites.All runs under a security manager, and Derby's engine shutdown code 
> calls deregisterDriver(), so this problem probably affects all tests that 
> shut down the engine.
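
An added Java sketch of the approach the comment above leans towards (not Derby's code and not part of the original message): a library deregisters its own driver inside a doPrivileged block, so only the library's jar needs java.sql.SQLPermission "deregisterDriver" and callers on the stack do not. The class name, method name and codeBase path are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.SQLException;

/*
 * Policy grant this sketch assumes (the codeBase URL is a placeholder):
 *
 *   grant codeBase "file:/path/to/derby.jar" {
 *     permission java.sql.SQLPermission "deregisterDriver";
 *   };
 *
 * Application code gets no such grant, so a direct call to
 * DriverManager.deregisterDriver() from it still fails the permission check.
 */
final class DriverUnregistration {          // hypothetical class, not Derby source

    private DriverUnregistration() {}

    /**
     * Deregisters the driver instance this library registered itself.
     *
     * Package-private on purpose: the privileged block runs with the jar's
     * own permissions, so it must never be handed a Driver chosen by less
     * trusted code. Otherwise the jar's grant would let any caller
     * deregister arbitrary drivers.
     */
    static void deregisterOwnDriver(final Driver ownDriver) throws SQLException {
        try {
            // The permission check stops at this frame: only the protection
            // domain of the class containing this call needs the SQLPermission.
            AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
                public Void run() throws SQLException {
                    DriverManager.deregisterDriver(ownDriver);
                    return null;
                }
            });
        } catch (PrivilegedActionException pae) {
            // doPrivileged wraps checked exceptions; run() can only throw
            // SQLException, so the cast is safe.
            throw (SQLException) pae.getException();
        }
    }
}
```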
