Granted SystemPermissions are ignored when granted later with same target and 
different action
----------------------------------------------------------------------------------------------

                 Key: DERBY-3614
                 URL: https://issues.apache.org/jira/browse/DERBY-3614
             Project: Derby
          Issue Type: Bug
          Components: Security
    Affects Versions: 10.4.1.1
         Environment: Security Manager installed, custom policy file
            Reporter: John H. Embretsen
            Priority: Minor


org.apache.derby.security.SystemPermission represents access to system-wide 
Derby privileges, such as privileges relating to JMX management and monitoring. 
A system permission is identified by a name (a.k.a. "target") and optionally an 
action associated with that name. SystemPermission extends 
java.security.BasicPermission. See also DERBY-3491.

If a SystemPermission is granted for the same target (name) more than once in a 
set of policy files loaded by the security manager, the last entry seems to 
overwrite any previous entries, potentially causing SecurityExceptions. Details 
follow.

The currently accepted targets are: engine, server, jmx
The currently accepted actions are: monitor, control, shutdown

If a policy file specifies e.g.

  grant {
      permission org.apache.derby.security.SystemPermission "server", "monitor";
      permission org.apache.derby.security.SystemPermission "server", "control";
  };

then the first ("server", "monitor") permission is ignored when the permission 
checks are actually performed by the security manager. 

No documentation currently specifies the behavior of SystemPermission in such 
cases. It seems that the most common and least error-prone way of handling this 
is to accept each permission grant entry unless there is a conflict between the 
entries (in which case the result should be well defined and documented).

Current behavior seems unintuitive and is contrary to the behavior of similar 
permissions available in the Java platform, e.g. java.util.PropertyPermission 
which also extends java.security.BasicPermission. For example, the following 
grants both "read" and "write" permissions to all Principals and codebases:

  grant {
      permission java.util.PropertyPermission "my.sysprop", "write";
      permission java.util.PropertyPermission "my.sysprop", "read";
  };

A workaround is to make sure that the same permission/target is not specified 
more than once within a set of policy files. If more than one action needs to 
be granted for the same target, the following syntax will work:

  grant {
      permission org.apache.derby.security.SystemPermission "server", "monitor,control";
  };


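The workaround described in the report can be checked mechanically. The following is an added example, not part of the original report or of Derby: a Python check that scans a set of policy files for a permission class whose target is granted in more than one entry and returns the merged action list to use instead. The function names, the constructed sample policies and the simplified regex-based parsing of the policy syntax are assumptions made for illustration.

```python
import re
from collections import defaultdict

DERBY_PERM = "org.apache.derby.security.SystemPermission"
# A quoted string, a // comment or a /* */ comment, in that priority order.
TOKEN_RE = re.compile(r'"[^"\n]*"|//[^\n]*|/\*.*?\*/', re.S)
# permission <class> "<target>" [, "<actions>"] [, signedBy "<names>"];
PERM_RE = re.compile(
    r'\bpermission\s+([\w.$]+)\s+"([^"]*)"'
    r'(?:\s*,\s*"([^"]*)")?(?:\s*,\s*signedBy\s+"[^"]*")?\s*;')

def strip_comments(text):
    """Drop comments but keep quoted strings such as codeBase "file:///..."."""
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)

def find_split_grants(policies, perm_class=DERBY_PERM):
    """Map each target granted in more than one entry to its merged actions.

    policies: {file name: policy text}. Entries from all files are pooled,
    because the report concerns the whole set of loaded policy files.
    """
    seen = defaultdict(list)
    for text in policies.values():
        for cls, target, actions in PERM_RE.findall(strip_comments(text)):
            if cls == perm_class:
                seen[target].append(
                    [a.strip() for a in actions.split(",") if a.strip()])
    merged = {}
    for target, entries in seen.items():
        if len(entries) > 1:
            # dict.fromkeys de-duplicates while keeping first-seen order.
            merged[target] = ",".join(
                dict.fromkeys(a for acts in entries for a in acts))
    return merged

# Constructed sample input, not taken from a real deployment.
SAMPLE = {
    "server.policy": '''grant codeBase "file:///opt/derby/lib/derbynet.jar" {
    permission org.apache.derby.security.SystemPermission "server", "monitor";
    // permission org.apache.derby.security.SystemPermission "jmx", "control";
    permission org.apache.derby.security.SystemPermission "jmx", "monitor";
};''',
    "extra.policy": '''grant {
    permission org.apache.derby.security.SystemPermission "server", "control";
};''',
}

if __name__ == "__main__":
    for target, actions in find_split_grants(SAMPLE).items():
        print(f'permission {DERBY_PERM} "{target}", "{actions}";')
```

The check pools every grant entry regardless of codeBase or principal, so it can flag entries that never apply to the same code; treat each finding as a prompt to review the entries involved.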