[
https://issues.apache.org/jira/browse/DERBY-3476?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen updated DERBY-3476:
--------------------------------------
Attachment: d3476-1a-system-permission.diff
The patch [^d3476-1a-system-permission.diff] makes the following changes:
- Add a readObject() method to the SystemPermission class which performs
validation of name and actions when deserializing a SystemPermission object.
(It performs the same checks as in the constructor.)
- Add a test case that verifies that deserialization will raise exceptions when
invalid SystemPermission objects are read from a stream.
- Add test cases that verify that the SystemPermission, DatabasePermission and
SystemPrincipal classes are declared final.
All regression tests ran cleanly with the patch.
> Permissions and Principal objects added by this feature need to be final and
> have serialization identifiers
> -----------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3476
> URL: https://issues.apache.org/jira/browse/DERBY-3476
> Project: Derby
> Issue Type: Sub-task
> Components: Services
> Reporter: Daniel John Debrunner
> Attachments: d3476-1a-system-permission.diff
>
>
> Need serialization id to ensure the class is portable across releases.
> Need final to provide security.
> (assumes patch10 is committed from DERBY-2109)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
