     [ http://issues.apache.org/jira/browse/DERBY-626?page=all ]

Daniel John Debrunner closed DERBY-626:
---------------------------------------

> Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
> --------------------------------------------------------------------------------------------------
>
>          Key: DERBY-626
>          URL: http://issues.apache.org/jira/browse/DERBY-626
>      Project: Derby
>         Type: Bug
>   Components: Security, Services
>     Versions: 10.1.1.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Critical
>      Fix For: 10.1.2.1, 10.2.0.0
>
> When running in a security manager the embedded engine uses
> ClassLoader.getResources() to obtain the set of modules.properties files.
> This method returns an empty set if running in a security manager and
> permission has not been granted to read derby.jar to all code in the stack,
> unless the method is executed in a privileged block.
>
> This is a regression early on in Derby's life and was not caught because of
> lack of testing under the security manager and was hidden by the need to
> grant read permission for DERBY-622.
>
> The embedded code does not need this permission to be granted since 'Note:
> code can always read a file from the same directory it's in (or a
> subdirectory of that directory); it does not need explicit permission to do
> so.'
>
> Need to re-factor code to ensure that the call to getResources and opening
> the resulting URL is all in a privileged block.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
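
The refactoring the issue asks for, sketched as an added example (it is not Derby's code and not part of the original message): both `getResources()` and the opening of each returned URL run inside one `AccessController.doPrivileged` block, so only the library's own protection domain is checked. The class name, method name and the bare resource name `modules.properties` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;

// Hypothetical helper for illustration; not taken from the Derby code base.
public final class PrivilegedResourceLoader {
    // The resource name is a private constant and the loader is this class's own,
    // so callers cannot use the privileged block to read resources of their choosing.
    private static final String RESOURCE = "modules.properties"; // assumed name

    static List<Properties> loadModuleProperties() throws IOException {
        final ClassLoader cl = PrivilegedResourceLoader.class.getClassLoader();
        try {
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<List<Properties>>) () -> {
                    List<Properties> found = new ArrayList<>();
                    // Inside doPrivileged the permission check stops at this frame,
                    // so callers further up the stack need no read grant on the jar.
                    Enumeration<URL> urls = cl.getResources(RESOURCE);
                    while (urls.hasMoreElements()) {
                        // Opening the URL reads the jar as well, so it must stay
                        // in the same privileged block as the enumeration.
                        try (InputStream in = urls.nextElement().openStream()) {
                            Properties p = new Properties();
                            p.load(in);
                            found.add(p);
                        }
                    }
                    return found;
                });
        } catch (PrivilegedActionException e) {
            // The action's only checked exception is IOException; unwrap it.
            throw (IOException) e.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println(loadModuleProperties().size() + " properties file(s) read");
    }
}
```

On Java 17 and later, `AccessController` and the Security Manager are deprecated for removal (JEP 411), so this pattern applies to runtimes that still enforce a security policy.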
