This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/trunk by this push: new c76a3a9 thread aware sec manager fix for jar based loaders c76a3a9 is described below commit c76a3a940dc46e6f09d26b2f6d6b24020157fc0d Author: gus <g...@needhamsoftware.com> AuthorDate: Thu Feb 6 11:09:18 2020 -0500 thread aware sec manager fix for jar based loaders Patch by Gus Heck, reviewed by brandonwilliams for CASSANDRA-15494 --- CHANGES.txt | 1 + .../apache/cassandra/security/ThreadAwareSecurityManager.java | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 6235046..82e69e0 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 4.0-alpha4 + * allow embedded cassandra launched from a one-jar or uno-jar (CASSANDRA-15494) * Update hppc library to version 0.8.1 (CASSANDRA-12995) * Limit the dependencies used by UDFs/UDAs (CASSANDRA-14737) * Make native_transport_max_concurrent_requests_in_bytes updatable (CASSANDRA-15519) diff --git a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java index 6500c8f..86c8b5b 100644 --- a/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java +++ b/src/java/org/apache/cassandra/security/ThreadAwareSecurityManager.java @@ -110,7 +110,11 @@ public final class ThreadAwareSecurityManager extends SecurityManager switch (codesource.getLocation().getProtocol()) { - case "file": + case "jar": // One-JAR or Uno-Jar source + if (!codesource.getLocation().getPath().startsWith("file:")) { + return perms; + } // else fall through and add AllPermission() + case "file": // Standard file system source // All JARs and class files reside on the file system - we can safely // assume that these classes are "good". perms.add(new AllPermission()); @@ -133,7 +137,9 @@ public final class ThreadAwareSecurityManager extends SecurityManager switch (codesource.getLocation().getProtocol()) { - case "file": + case "jar": // One-JAR or Uno-Jar source + return codesource.getLocation().getPath().startsWith("file:"); + case "file": // Standard file system source // All JARs and class files reside on the file system - we can safely // assume that these classes are "good". return true; --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org