[
https://issues.apache.org/jira/browse/DERBY-6626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen resolved DERBY-6626.
---------------------------------------
Resolution: Fixed
Fix Version/s: 10.11.0.0
Assignee: Knut Anders Hatlen
> Check type of user-supplied modules before creating instances
> -------------------------------------------------------------
>
> Key: DERBY-6626
> URL: https://issues.apache.org/jira/browse/DERBY-6626
> Project: Derby
> Issue Type: Improvement
> Components: Miscellaneous
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.11.0.0
>
> Attachments: d6626-1a-encryptionProvider.diff, d6626-2a.diff,
> d6626-3a-custom-tools.diff
>
>
> Derby allows users to specify names of classes to use for various pluggable
> modules.
> In some cases, it verifies that the class implements the expected interface
> before it creates an instance of the class. For example in
> SpecificAuthenticationServiceImpl:
> {code}
>     Class sasClass = Class.forName(specificAuthenticationScheme);
>     if (!UserAuthenticator.class.isAssignableFrom(sasClass)) {
>         throw StandardException.newException(
>             SQLState.AUTHENTICATION_NOT_IMPLEMENTED,
>             specificAuthenticationScheme,
>             "org.apache.derby.authentication.UserAuthenticator");
>     }
>     UserAuthenticator aScheme = (UserAuthenticator) sasClass.newInstance();
> {code}
> In other cases, it creates an instance without checking, and instead fails
> with a ClassCastException or some other exception when trying to use the
> instance of the incorrect type. Examples: Java5SystemProcedures
> SYSCS_REGISTER_TOOL(), JCECipherFactory, SequenceUpdater.makePreallocator().
> I think it would be good to have similar checks in these other cases too.
> That'll give clearer error messages which explain what the problem is, and it
> will be safer because it limits which constructors the users can force the
> Derby engine to invoke.
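
The difference the issue describes, shown as an added example that is not Derby's code: the unchecked loader runs the constructor of a wrong-typed class before the cast fails, while the checked loader rejects the class before any constructor is invoked. The class and method names (`PluggableModuleCheck`, `Authenticator`, `NotAnAuthenticator`, `GoodAuthenticator`, `loadUnchecked`, `loadChecked`) are hypothetical, and the checked loader also passes `initialize=false` to `Class.forName`, a step beyond the snippet quoted in the issue, so static initializers do not run before the type check either.

```java
import java.util.concurrent.atomic.AtomicInteger;

public class PluggableModuleCheck {
    /** Hypothetical plug-in interface standing in for UserAuthenticator. */
    public interface Authenticator { boolean authenticate(String user); }

    /** Constructed wrong-typed class; its constructor has an observable side effect. */
    public static class NotAnAuthenticator {
        static final AtomicInteger constructed = new AtomicInteger();
        public NotAnAuthenticator() { constructed.incrementAndGet(); }
    }

    /** Constructed class of the expected type. */
    public static class GoodAuthenticator implements Authenticator {
        public boolean authenticate(String user) { return "app".equals(user); }
    }

    /** Unchecked pattern: the constructor has already run when the cast fails. */
    static Authenticator loadUnchecked(String name) throws ReflectiveOperationException {
        Object o = Class.forName(name).getDeclaredConstructor().newInstance();
        return (Authenticator) o; // ClassCastException arrives too late
    }

    /** Checked pattern: verify the type before invoking any constructor. */
    static Authenticator loadChecked(String name) throws ReflectiveOperationException {
        ClassLoader cl = PluggableModuleCheck.class.getClassLoader();
        // initialize=false: do not run static initializers before the check
        Class<?> c = Class.forName(name, false, cl);
        if (!Authenticator.class.isAssignableFrom(c)) {
            throw new IllegalArgumentException(
                name + " does not implement " + Authenticator.class.getName());
        }
        return (Authenticator) c.getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        String bad = NotAnAuthenticator.class.getName();
        try { loadUnchecked(bad); } catch (ClassCastException e) {
            System.out.println("unchecked: ClassCastException, constructors run = "
                + NotAnAuthenticator.constructed.get());
        }
        try { loadChecked(bad); } catch (IllegalArgumentException e) {
            System.out.println("checked: " + e.getMessage()
                + ", constructors run = " + NotAnAuthenticator.constructed.get());
        }
        Authenticator ok = loadChecked(GoodAuthenticator.class.getName());
        System.out.println("good module accepts app: " + ok.authenticate("app"));
    }
}
```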