[ https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12494696 ]
Kristian Waagan commented on DERBY-2556:
----------------------------------------
There is at least a problem in the following code in BaseDataFileFactory. Not
sure how to interpret the comment, but I think adding more doPrivileged-blocks
is the right approach. Any comments on this?
    private void restoreDataDirectory(String backupPath)
        throws StandardException
    {
        File bsegdir;   //segment directory in the backup
        File backupRoot = new java.io.File(backupPath); //root dir of backup db

        /* To be safe we first check if the backup directory exist and it has
         * atleast one seg* directory before removing the current data directory.
         *
         * This will fail with a security exception unless the database engine
         * and all its callers have permission to read the backup directory.
         */
        String[] bfilelist = backupRoot.list();
        if(bfilelist !=null)
        {
            boolean segmentexist = false;
            for (int i = 0; i < bfilelist.length; i++)
            {
                //check if it is a seg* directory
                if(bfilelist[i].startsWith("seg"))
                {
                    bsegdir = new File(backupRoot , bfilelist[i]);
                    if(bsegdir.exists() && bsegdir.isDirectory())
                    {
                        segmentexist = true;
                        break;
                    }
                }
            }
> Code paths for db restore do not use doPrivileged-calls, causing
> SecurityException
> ----------------------------------------------------------------------------------
>
> Key: DERBY-2556
> URL: https://issues.apache.org/jira/browse/DERBY-2556
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.2.2.0, 10.3.0.0
> Environment: Derby running with a security manager.
> Reporter: Kristian Waagan
> Assigned To: Kathey Marsden
> Fix For: 10.3.0.0
>
> Attachments: derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a
> database from a backup image, a SecurityException is thrown even though the
> policyfile for codebase derby.jar is correctly configured (giving Derby
> access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments):
> https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the
> "application-level code", or granting the required permissions to the
> application codebase as well.
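
The seg* directory check from the comment above, wrapped in a privileged block, as an added example that is not Derby's code or the attached patch. The class and method names are hypothetical, and it assumes a JVM where the security manager is still available (AccessController is deprecated in recent Java releases).

```java
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;

/** Hypothetical helper (not Derby code) showing the privileged-block pattern. */
public final class PrivilegedBackupCheck {

    /**
     * Returns true if backupPath contains at least one seg* directory.
     * The file system calls run inside doPrivileged, so the permission check
     * stops at this class's protection domain instead of walking up into the
     * application code that opened the JDBC connection.
     */
    static boolean hasSegmentDirectory(final String backupPath) {
        // Anonymous class rather than a lambda: a lambda is ambiguous between
        // the PrivilegedAction and PrivilegedExceptionAction overloads.
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            public Boolean run() {
                File backupRoot = new File(backupPath);
                String[] names = backupRoot.list();  // needs FilePermission "read"
                if (names == null) {
                    return Boolean.FALSE;            // missing or not a directory
                }
                for (String name : names) {
                    if (name.startsWith("seg")) {
                        File seg = new File(backupRoot, name);
                        if (seg.exists() && seg.isDirectory()) {
                            return Boolean.TRUE;
                        }
                    }
                }
                return Boolean.FALSE;
            }
        });
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a temporary "backup" with one segment directory.
        File root = java.nio.file.Files.createTempDirectory("backup").toFile();
        File seg0 = new File(root, "seg0");
        seg0.mkdir();
        System.out.println(hasSegmentDirectory(root.getPath()));           // backup with seg0
        System.out.println(hasSegmentDirectory(root.getPath() + "-none")); // nonexistent path
        seg0.delete();
        root.delete();
    }
}
```

Because backupPath is supplied by the caller through the JDBC URL, the privileged block is kept to the read-only directory checks, and the policy file should grant the derby.jar codebase read access only to the backup location.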