[jira] [Commented] (DERBY-7138) Remove references to the Java Security Manager

Mon, 18 Apr 2022 17:36:07 -0700 


    [ 
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523961#comment-17523961
 ] 

Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------

Attaching derby-7138-09-aa-removeMostProductPrivilegeFiles.diff. This patch 
removes privilege blocks from the product code except for the following classes 
(to be addressed in a later patch):

{noformat}
trunk/java/org.apache.derby.server/org/apache/derby/impl/drda/NetworkServerControlImpl.java
trunk/java/org.apache.derby.server/org/apache/derby/impl/drda/ClientThread.java
trunk/java/org.apache.derby.engine/org/apache/derby/impl/sql/compile/OptimizerTracer.java
{noformat}

With this patch, tests pass cleanly both with the classpath and with the 
modulepath.

Touches the following files:

{noformat}
M       
java/org.apache.derby.client/org/apache/derby/client/BasicClientDataSource.java
M       
java/org.apache.derby.client/org/apache/derby/client/am/ClientConnection.java
M       
java/org.apache.derby.client/org/apache/derby/client/am/Configuration.java
M       java/org.apache.derby.client/org/apache/derby/client/net/NetAgent.java
M       
java/org.apache.derby.client/org/apache/derby/client/net/OpenSocketAction.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/error/ExceptionUtil.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/i18n/MessageService.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/info/JVMInfo.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/info/ProductVersionHolder.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/reference/ModuleUtil.java
M       
java/org.apache.derby.commons/org/apache/derby/shared/common/sanity/AssertFailure.java
M       
java/org.apache.derby.engine/org/apache/derby/catalog/Java5SystemProcedures.java
M       
java/org.apache.derby.engine/org/apache/derby/catalog/SystemProcedures.java
M       java/org.apache.derby.engine/org/apache/derby/diag/DiagUtil.java
M       java/org.apache.derby.engine/org/apache/derby/diag/ErrorLogReader.java
M       java/org.apache.derby.engine/org/apache/derby/diag/ErrorMessages.java
M       java/org.apache.derby.engine/org/apache/derby/diag/StatementCache.java
M       
java/org.apache.derby.engine/org/apache/derby/diag/StatementDuration.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/jdbc/AutoloadedDriver.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/jdbc/InternalDriver.java
M       java/org.apache.derby.engine/org/apache/derby/iapi/jdbc/JDBCBoot.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/security/SecurityUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/services/cache/ClassSize.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/services/context/ContextService.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/services/context/SystemContext.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/services/io/FormatIdInputStream.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/services/property/PropertyUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/conn/ConnectionUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/dictionary/IndexRowGenerator.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/dictionary/TableDescriptor.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/sql/dictionary/TriggerDescriptor.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/store/access/DiskHashtable.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/types/ClobStreamHeaderGenerator.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/types/NumberDataType.java
M       java/org.apache.derby.engine/org/apache/derby/iapi/types/SqlXmlUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/iapi/util/InterruptStatus.java
M       java/org.apache.derby.engine/org/apache/derby/impl/db/BasicDatabase.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/db/DatabaseContextImpl.java
M       java/org.apache.derby.engine/org/apache/derby/impl/db/SlaveDatabase.java
M       java/org.apache.derby.engine/org/apache/derby/impl/io/CPFile.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/ConnectionChild.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedConnectionContext.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedPooledConnection.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedResultSet.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedSavepoint.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedXAResource.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/LOBStreamControl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/ResourceAdapterImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/XATransactionState.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/authentication/LDAPAuthenticationSchemeImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java
M       java/org.apache.derby.engine/org/apache/derby/impl/load/Export.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/load/ExportWriteData.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/load/ImportLobFile.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/load/ImportReadData.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/bytecode/BCClass.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/bytecode/BCJava.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/bytecode/GClass.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/bytecode/d_BCValidate.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/cache/ConcurrentCache.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/cache/ConcurrentCacheMBeanImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/daemon/BasicDaemon.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/jce/JCECipherFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/locks/Deadlock.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/monitor/FileMonitor.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/reflect/JarLoader.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/stream/RollingFileStream.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/stream/SingleStream.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/services/uuid/BasicUUIDFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/GenericLanguageFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/GenericPreparedStatement.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/GenericStorablePreparedStatement.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/LanguageDbPropertySetter.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/catalog/DD_Version.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/catalog/SequenceUpdater.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/compile/ConstraintDefinitionNode.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/compile/QueryTreeNode.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/BaseActivation.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/BasicNoPutResultSetImpl.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/GenericConstantActionFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/GenericExecutionFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/JarUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/sql/execute/rts/RealBasicNoPutResultSetStatistics.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/access/PropertyConglomerate.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/access/RAMAccessManager.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/access/btree/index/B2IFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/access/heap/HeapConglomerateFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/access/sort/ExternalSortFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/RawStore.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/D_DiagnosticUtil.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/EncryptOrDecryptData.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/FileContainer.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/RAFContainer.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/RFResource.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/log/LogToFile.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/raw/xact/XactFactory.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/replication/net/ReplicationMessageReceive.java
M       
java/org.apache.derby.engine/org/apache/derby/impl/store/replication/net/ReplicationMessageTransmit.java
M       java/org.apache.derby.engine/org/apache/derby/mbeans/Management.java
M       java/org.apache.derby.engine/org/apache/derby/mbeans/Version.java
M       
java/org.apache.derby.engine/org/apache/derby/security/DatabasePermission.java
M       java/org.apache.derby.engine/org/apache/derby/vti/XmlVTI.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/api/SimpleJsonUtils.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/dump/DataFileVTI.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/DerbyIndexInput.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/DerbyLuceneDir.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/LuceneListIndexesVTI.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/LuceneQueryVTI.java
M       
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/LuceneSupport.java
M       java/org.apache.derby.server/org/apache/derby/drda/NetServlet.java
M       
java/org.apache.derby.server/org/apache/derby/drda/NetworkServerControl.java
M       
java/org.apache.derby.server/org/apache/derby/impl/drda/DRDAConnThread.java
M       java/org.apache.derby.server/org/apache/derby/impl/drda/DssTrace.java
M       
java/org.apache.derby.server/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
M       
java/org.apache.derby.tools/org/apache/derby/iapi/tools/i18n/LocalizedResource.java
M       
java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/ConnectionEnv.java
M       java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/Main.java
M       java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/util.java
M       
java/org.apache.derby.tools/org/apache/derby/impl/tools/sysinfo/Main.java
M       
java/org.apache.derby.tools/org/apache/derby/jdbc/BasicEmbeddedDataSource40.java
M       java/org.apache.derby.tools/org/apache/derby/tools/JDBCDisplayUtil.java
M       java/org.apache.derby.tools/org/apache/derby/tools/PlanExporter.java
M       java/storeless/org/apache/derby/impl/storeless/StorelessDatabase.java
M       java/stubs/felix/org/osgi/framework/AdminPermission.java
M       java/stubs/felix/org/osgi/framework/FrameworkUtil.java
{noformat}




> Remove references to the Java Security Manager
> ----------------------------------------------
>
>                 Key: DERBY-7138
>                 URL: https://issues.apache.org/jira/browse/DERBY-7138
>             Project: Derby
>          Issue Type: Task
>          Components: Build tools, Documentation
>    Affects Versions: 10.16.0.0
>            Reporter: Richard N. Hillegas
>            Assignee: Richard N. Hillegas
>            Priority: Major
>         Attachments: DerbyServerTest.java, Z.java, 
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff, 
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff, 
> derby-7138-03-aa-removePermissionsTests.diff, 
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff, 
> derby-7138-05-aa-removeSecurityManager.diff, 
> derby-7138-06-aa-removeSecurityManagerSetup.diff, 
> derby-7138-07-aa-removePrivilegeBlocksFromTests.diff, 
> derby-7138-08-aa-removePolicyFiles.diff, 
> derby-7138-09-aa-removeMostProductPrivilegeFiles.diff
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that 
> it will be removed in a future release of Java. See 
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting 
> security-sensitive operations on multi-tenant servers" on the 
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that 
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java 
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide. 
> In its place, we should recommend that developers containerize their Derby 
> applications.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to