[
https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623467#comment-14623467
]
Bryan Pendleton commented on DERBY-6741:
----------------------------------------
With OpenJDK 1.8.0_45 running on Fedora22, I see highly intermittent
failures in
NoDBInternalsPermissionTest.test_002_EmbedConnection
My error is:
java.security.AccessControlException: access denied
org.apache.derby.security.SystemPermission( "engine", "usederbyinternals" )
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at
org.apache.derby.iapi.security.SecurityUtil.checkDerbyInternalsPrivilege(SecurityUtil.java:221)
at
org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Monitor.java:339)
at
org.apache.derby.iapi.services.property.PropertyUtil$2.run(PropertyUtil.java:719)
at
org.apache.derby.iapi.services.property.PropertyUtil$2.run(PropertyUtil.java:716)
at java.security.AccessController.doPrivileged(Native Method)
The error is quite hard to reproduce, and seems only to happen in large suite
runs.
Any thoughts on what might be happening?
> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
> Key: DERBY-6741
> URL: https://issues.apache.org/jira/browse/DERBY-6741
> Project: Derby
> Issue Type: Bug
> Components: JDBC, Services
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Fix For: 10.12.0.0
>
> Attachments: derby-6741-01-aa-usederbyinternals.diff
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals
> like the ContextManager is a security risk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
