[
https://issues.apache.org/jira/browse/DERBY-6626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen updated DERBY-6626:
--------------------------------------
Attachment: d6626-3a-custom-tools.diff
[^d6626-3a-custom-tools.diff] makes SYSCS_REGISTER_TOOL check that the
specified custom tool class implements OptionalTool before trying to create an
instance of it. If it doesn't, it now raises a custom exception instead of
unexpected user exception.
Before:
{noformat}
ij> call syscs_util.syscs_register_tool('customTool', true,
'java.lang.Integer');
ERROR XJ001: Java exception: 'java.lang.InstantiationException:
java.lang.Integer'.
ERROR XJ001: Java exception: 'java.lang.Integer:
java.lang.InstantiationException'.
ERROR XJ001: Java exception: 'java.lang.Integer.<init>():
java.lang.NoSuchMethodException'.
{noformat}
After:
{noformat}
ij> call syscs_util.syscs_register_tool('customTool', true,
'java.lang.Integer');
ERROR X0Y88: The class 'java.lang.Integer' does not implement the
org.apache.derby.iapi.sql.dictionary.OptionalTool interface.
{noformat}
All tests ran cleanly with the patch.
> Check type of user-supplied modules before creating instances
> -------------------------------------------------------------
>
> Key: DERBY-6626
> URL: https://issues.apache.org/jira/browse/DERBY-6626
> Project: Derby
> Issue Type: Improvement
> Components: Miscellaneous
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Attachments: d6626-1a-encryptionProvider.diff, d6626-2a.diff,
> d6626-3a-custom-tools.diff
>
>
> Derby allows users to specify names of classes to use for various pluggable
> modules.
> In some cases, it verifies that the class implements the expected interface
> before it creates an instance of the class. For example in
> SpecificAuthenticactionServiceImpl:
> {code}
> Class sasClass =
> Class.forName(specificAuthenticationScheme);
> if
> (!UserAuthenticator.class.isAssignableFrom(sasClass)) {
> throw
> StandardException.newException(SQLState.AUTHENTICATION_NOT_IMPLEMENTED,
> specificAuthenticationScheme,
> "org.apache.derby.authentication.UserAuthenticator");
> }
> UserAuthenticator aScheme = (UserAuthenticator)
> sasClass.newInstance();
> {code}
> In other cases, it creates an instance without checking, and instead fails
> with a ClassCastException or some other exception when trying to use the
> instance of the incorrect type. Examples: Java5SystemProcedures
> SYSCS_REGISTER_TOOL(), JCECipherFactory, SequenceUpdater.makePreallocator().
> I think it would be good to have similar checks in these other cases too.
> That'll give clearer error messages which explain what the problem is, and it
> will be safer because it limits which constructors the users can force the
> Derby engine to invoke.
--
This message was sent by Atlassian JIRA
(v6.2#6252)