[jira] Updated: (DERBY-3174) NetworkServerControlApiTest fails with java.security.AccessControlException if not run as first test

[Kathey Marsden (JIRA)]

     [ 
https://issues.apache.org/jira/browse/DERBY-3174?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kathey Marsden updated DERBY-3174:
----------------------------------

    Attachment: my2.policy
                my1.policy
                ReloadPolicy2.java

I have been looking at why there are problems reloading the policy file after 
the policy file has changed.  I think that we have to do a 
Policy.getPolicy().refresh() if the policy file changes. I am attaching a small 
program that shows the issue. Unless we refresh the policy the new policy does 
not go into affect.

[C:/kmarsden/repro/reloadpolicy] java ReloadPolicy2
PASS: Able to set property
FAIL: Should not have been able to set property

[C:/kmarsden/repro/reloadpolicy] java ReloadPolicy2 refresh
PASS: Able to set property
PASS: Got expected exception:java.security.AccessControlException: Access 
denied (java.util.PropertyPermission my.value
write)

So to attempt to resolve this issue, I plan to change 
SecurityManagerSetup.installSecurityManager to refresh the policy file after 
installing the security manager. This will mean granting getPolicy permission 
to derbyTesting.jar. Please let me know if this does not sound ok.

Kathey





> NetworkServerControlApiTest fails with java.security.AccessControlException 
> if not run as first test
> ----------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3174
>                 URL: https://issues.apache.org/jira/browse/DERBY-3174
>             Project: Derby
>          Issue Type: Bug
>          Components: Test
>    Affects Versions: 10.3.1.5, 10.4.0.0
>            Reporter: Kathey Marsden
>            Priority: Minor
>         Attachments: my1.policy, my2.policy, ReloadPolicy2.java
>
>
> There appears to be a problem loading the test specific policy file for 
> NetworkServerControlApiTest if it is not run as the first test in the suite.
> Failure in the derby.log is:
> Trace directory changed to C:\test\system.
> access denied (java.io.FilePermission C:\test\system\Server3.trace write)
> java.security.AccessControlException: access denied (java.io.FilePermission 
> C:\test\system\Server3.trace write)
>       at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
>       at 
> java.security.AccessController.checkPermission(AccessController.java:546)
>       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>       at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
>       at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
>       at java.io.FileOutputStream.<init>(FileOutputStream.java:70)
>       at java.io.FileWriter.<init>(FileWriter.java:46)
>       at org.apache.derby.impl.drda.DssTrace$1.run(DssTrace.java:181)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> org.apache.derby.impl.drda.DssTrace.startComBufferTrace(DssTrace.java:178)
>       at org.apache.derby.impl.drda.Session.initTrace(Session.java:138)
>       at org.apache.derby.impl.drda.Session.setTraceOn(Session.java:152)
>       at 
> org.apache.derby.impl.drda.NetworkServerControlImpl.setTrace(NetworkServerControlImpl.java:3372)
>       at 
> org.apache.derby.impl.drda.NetworkServerControlImpl.processCommands(NetworkServerControlImpl.java:1422)
>       at 
> org.apache.derby.impl.drda.DRDAConnThread.sessionInitialState(DRDAConnThread.java:630)
>       at 
> org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:264)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.