[
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521332#comment-17521332
]
Richard N. Hillegas edited comment on DERBY-7138 at 4/12/22 8:47 PM:
---------------------------------------------------------------------
Attaching derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff. This
patch addresses the issue raised by the previous comment. This patch changes
the way that NetworkServerControlApiTest identifies the host machine. This
patch also changes that test so that it no longer installs a SecurityManager.
With this patch, the Derby tests pass cleanly with both the classpath and the
modulepath.
Touches the following files:
{noformat}
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
Disables the SecurityManager in this test. Creates NetworkServerControl objects
with the loopback host InetAddress.getByName("localhost") rather than
the actual machine host name InetAddress.getLocalHost().
{noformat}
was (Author: rhillegas):
Attaching derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff. This
patch addresses the issue raised by the previous comment. This patch changes
the way that NetworkServerControlApiTest identifies the host machine. This
patch also changes that test so that it no longer installs a SecurityManager.
With this patch, the Derby tests pass cleanly with both the classpath and the
modulepath.
Touches the following files:
{noformat}
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.java
Disables the SecurityManager in this test. Creates NetworkServerControl objects
with the loopback host InetAddress.getByName("localhost") rather than the
actual machine host name InetAddress.getLocalHost().
{noformat}
> Remove references to the Java Security Manager
> ----------------------------------------------
>
> Key: DERBY-7138
> URL: https://issues.apache.org/jira/browse/DERBY-7138
> Project: Derby
> Issue Type: Task
> Components: Build tools, Documentation
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DerbyServerTest.java, Z.java,
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff,
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff,
> derby-7138-03-aa-removePermissionsTests.diff,
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that
> it will be removed in a future release of Java. See
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting
> security-sensitive operations on multi-tenant servers" on the
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide.
> In its place, we should recommend that developers containerize their Derby
> applications.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
