[jira] [Issue Comment Edited] (DERBY-5514) SecureServerTest (and others) don't play nice with EMMA: AccessControlException

[Dag H. Wanvik (Issue Comment Edited) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DERBY-5514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13156887#comment-13156887
 ] 

Dag H. Wanvik edited comment on DERBY-5514 at 11/24/11 11:39 PM:
-----------------------------------------------------------------

Small correction to the above: the default policy file for the tests does 
contain explicit permissions for the emma jar. But, that isn't enough when emma 
doesn't call doPrivileged, of course. The default server policy does not 
contain permissions for Emma.

                
      was (Author: dagw):
    Small correction to the above: the default policy file for the tests does 
contain explicit permissions for the emma jar. But, that isn't enough when emma 
doesn't call doPrivileged, of course. The default server policy does not, of 
course.

                  
> SecureServerTest (and others) don't play nice with EMMA: 
> AccessControlException
> -------------------------------------------------------------------------------
>
>                 Key: DERBY-5514
>                 URL: https://issues.apache.org/jira/browse/DERBY-5514
>             Project: Derby
>          Issue Type: Bug
>    Affects Versions: 10.9.0.0
>            Reporter: Dag H. Wanvik
>         Attachments: derby-5514-1.diff, derby-5514-1.stat
>
>
> When running SecureServerTest with jars instrumented with EMMA using the ant 
> emma-all target, I see:
> [junit] (net)derbynet.SecureServerTest.testServerStartup used 8475 ms 
> junit.framework.TestListener: endTest(testServerStartup)
>     [junit] START-SPAWNED:SpawnedNetworkServer ERROR OUTPUT:
>     [junit] java.security.policy: error adding Entry:
>     [junit]   java.net.MalformedURLException: no protocol: 
> /export/home/dag/java/sb/sb1/tools/java/emma.jar
>     [junit] java.security.AccessControlException: access denied 
> (java.io.FilePermission coverage.ec read)
>     [junit]   at 
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
>     [junit]   at 
> java.security.AccessController.checkPermission(AccessController.java:546)
>     [junit]   at 
> java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
>     [junit]   at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
>     [junit]   at java.io.File.exists(File.java:731)
>     [junit]   at 
> com.vladium.emma.data.DataFactory.persist(DataFactory.java:525)
>     [junit]   at 
> com.vladium.emma.data.DataFactory.persist(DataFactory.java:86)
>     [junit]   at 
> com.vladium.emma.rt.RTCoverageDataPersister.dumpCoverageData(RTCoverageDataPersister.java:54)
>     [junit]   at com.vladium.emma.rt.RTExitHook.run(RTExitHook.java:32)
>     [junit]   at java.lang.Thread.run(Thread.java:662)
>     [junit] Exception in thread "EMMA shutdown handler thread" 
> java.lang.RuntimeException: EMMA failed to dump coverage data: 
> java.security.AccessControlException: access denied (java.io.FilePermission 
> coverage.ec read)
>     [junit]   at 
> com.vladium.emma.rt.RTCoverageDataPersister.dumpCoverageData(RTCoverageDataPersister.java:71)
>     [junit]   at com.vladium.emma.rt.RTExitHook.run(RTExitHook.java:32)
>     [junit]   at java.lang.Thread.run(Thread.java:662)
>     [junit] END-SPAWNED  :SpawnedNetworkServer ERROR OUTPUT:
> This is presumably because the test spawns a server which runs with the 
> default server policy.
> Another thing is that is seems dangerous to let the spawned process write to 
> EMMA's "coverage.ec", since we don't know when the parent process will write 
> to it. This behavior could be what's been causing our corrutions in the EMMA 
> runs earlier. The missing permissions just highlight what's happening.
> In this case the spawned process was started with this command line (I 
> instrumented the code):
> XXX server startup command = /usr/jdk/instances/jdk1.6.0/jre/bin/java 
> -classpath /<my sandbox>/tools/java/emma.jar:/<my 
> sandbox>/jars/sane/derbyTesting.jar:/<my 
> sandbox>/jars/emma/lib/derbyclient.jar:/<my 
> sandbox>/jars/emma/lib/derbynet.jar:/<my 
> sandbox>/jars/emma/lib/derby.jar:/<my 
> sandbox>/jars/emma/lib/derbytools.jar:/<my 
> sandbox>/jars/emma/lib/derbyrun.jar:/<my 
> sandbox>/tools/java/junit.jar:/usr/share/lib/ant/ant-launcher.jar:/usr/share/lib/ant/ant.jar:/usr/share/lib/ant/ant-junit.jar
>  org.apache.derby.drda.NetworkServerControl start -h localhost -p 1527 
> Possible approaches:
>          run the spawned VMs with plain jars (downside: we won't get coverage 
> for those)
>          run the spawned with a special default policy file when we run with 
> EMMA ++
>          run the spawned VM with -noSecurityManager if with EMMA jars

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira