[
https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kristian Waagan updated DERBY-2556:
-----------------------------------
Attachment: derby-2556-3a_alternative-patch.stat
derby-2556-3a_alternative-patch.diff
The test failed for me when I ran it individually, but I don't think I saw the
previous errors when I ran it outside suites.All. Maybe I'll look at it later.
I made an alternative patch, which seems to fix the problem that caused 9
failures. It is only half-baked, and the previous patch for this issue is also
required. A final patch will have to be made anyway, in one or the other
direction... (can be done in two steps though)
The patch 'derby-2556-3a_alternative-patch.diff' adds a utility class for
running file operations in a privileged block. It is kept very simple, which
does duplicate some code, but reduces complexity.
Any comments on this issue?
As far as I can tell, there are more places where the "machinery" to run in a
privileged block can be simplified by reuse. I will create a separate Jira for
this if the approach is acceptable.
To finish this patch, the added privExists method must be removed, and the
appropriate calls to PrivilegedFileOps must be inserted. If you test the patch,
don't forget to apply the patch for DERBY-2555 as well!
> Code paths for db restore do not use doPrivileged-calls, causing
> SecurityException
> ----------------------------------------------------------------------------------
>
> Key: DERBY-2556
> URL: https://issues.apache.org/jira/browse/DERBY-2556
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.2.2.0, 10.3.0.0
> Environment: Derby running with a security manager.
> Reporter: Kristian Waagan
> Assigned To: Kathey Marsden
> Fix For: 10.3.0.0
>
> Attachments: derby-2556-2a_whitespace-javadoc.diff,
> derby-2556-3a_alternative-patch.diff, derby-2556-3a_alternative-patch.stat,
> derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a
> database from a backup image, a SecurityException is thrown even though the
> policyfile for codebase derby.jar is correctly configured (giving Derby
> access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments):
> https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the
> "application-level code", or granting the required permissions to the
> application codebase as well.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
