[
https://issues.apache.org/jira/browse/DERBY-7138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17525344#comment-17525344
]
Richard N. Hillegas commented on DERBY-7138:
--------------------------------------------
Attaching derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff. This patch makes
the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() procedure raise an exception
stating that the method no longer does anything because Derby no longer
supports the Java SecurityManager.
I considered removing the procedure entirely. However, I thought this patch's
solution would make for a slightly better user experience for applications
which accidentally invoke the procedure after soft-upgrading from a pre-10.16
release.
With this patch, tests pass cleanly both with the classpath and with the
modulepath. The upgrade tests also pass cleanly using the same starting points
mentioned in the previous submission.
Touches the following files:
{noformat}
M
java/org.apache.derby.commons/org/apache/derby/shared/common/reference/SQLState.java
M
java/org.apache.derby.engine/org/apache/derby/catalog/SystemProcedures.java
M java/org.apache.derby.engine/org/apache/derby/loc/messages.xml
Make the procedure raise an exception.
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/DBOAccessTest.java
Remove the procedure from the list of system routines which do something but
which only the DBO can invoke.
{noformat}
> Remove references to the Java Security Manager
> ----------------------------------------------
>
> Key: DERBY-7138
> URL: https://issues.apache.org/jira/browse/DERBY-7138
> Project: Derby
> Issue Type: Task
> Components: Build tools, Documentation
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DerbyServerTest.java, Z.java,
> derby-7138-01-aa-removeSecurityManagerFromOldHarnessTests.diff,
> derby-7138-02-ab-moveMethodsToTestConfiguration.diff,
> derby-7138-03-aa-removePermissionsTests.diff,
> derby-7138-04-ab-hostChangeInNetworkServerControlApiTest.diff,
> derby-7138-05-aa-removeSecurityManager.diff,
> derby-7138-06-aa-removeSecurityManagerSetup.diff,
> derby-7138-07-aa-removePrivilegeBlocksFromTests.diff,
> derby-7138-08-aa-removePolicyFiles.diff,
> derby-7138-09-aa-removeMostProductPrivilegeFiles.diff,
> derby-7138-10-aa-removeRemainingPrivilegeBlocks.diff,
> derby-7138-11-aa-miscCleanup.diff,
> derby-7138-12-aa-SYSCS_RELOAD_SECURITY_POLICY.diff
>
>
> The Open JDK team has deprecated the Java Security Manager and indicated that
> it will be removed in a future release of Java. See
> https://openjdk.java.net/jeps/411. In an email thread titled "protecting
> security-sensitive operations on multi-tenant servers" on the
> security-...@openjdk.java.net mailing list, Alan Bateman indicated that
> developers should containerize their applications instead.
> This issue tracks work needed to remove Derby's references to the Java
> Security Manager.
> At a minimum, the following work needs to be done:
> o The tests should be adjusted so that they don't install a SecurityManager.
> o References to the SecurityManager should be removed from product code.
> o We should remove the SecurityManager section of the Derby Security Guide.
> In its place, we should recommend that developers containerize their Derby
> applications.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
