Author: djd
Date: Wed Oct 19 15:13:00 2005
New Revision: 326727
URL: http://svn.apache.org/viewcvs?rev=326727&view=rev
Log:
DERBY-626 Re-work code to ensure that obtaining the enumeration of modules.properties
files as well as opening them is in a priviledge block. Removes the requirement for
read permission on derby.jar to be granted all the way up the stack when running with the
security manager.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java?rev=326727&r1=326726&r2=326727&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
Wed Oct 19 15:13:00 2005
@@ -1056,7 +1056,7 @@
If no implementations are listed in the properties object
then null is returned.
*/
- protected Vector getImplementations(Properties moduleList, boolean actualModuleList) {
+ private Vector getImplementations(Properties moduleList, boolean actualModuleList) {
if (moduleList == null)
return null;
@@ -1251,19 +1251,36 @@
return true;
} // end of getPersistentServiceImplementation
- protected Vector getDefaultImplementations() {
+ private Vector getDefaultImplementations() {
+ Properties moduleList = getDefaultModuleProperties();
+
+ return getImplementations(moduleList, true);
+ } // end of getDefaultImplementations
+
+ /**
+ * Get the complete set of module properties by
+ * loading in contents of all the org/apache/derby/modules.properties
+ * files. This must be executed in a privileged block otherwise
+ * when running in a security manager environment no properties will
+ * be returned.
+ * @return
+ */
+ Properties getDefaultModuleProperties()
+ {
+ // SECURITY PERMISSION - IP1 for modules in this jar
+ // or other jars shipped with the Derby release.
Properties moduleList = new Properties();
boolean firstList = true;
- ClassLoader cl = getClass().getClassLoader();
+ ClassLoader cl = getClass().getClassLoader();
try {
- for( Enumeration e = cl.getResources( "org/apache/derby/modules.properties");
+ for( Enumeration e = cl.getResources("org/apache/derby/modules.properties");
e.hasMoreElements() ;) {
URL modulesPropertiesURL = (URL) e.nextElement();
InputStream is = null;
try {
- is = loadModuleDefinitions( modulesPropertiesURL);
+ is = modulesPropertiesURL.openStream();
if( firstList) {
moduleList.load( is);
firstList = false;
@@ -1297,18 +1314,13 @@
if (SanityManager.DEBUG)
report("Can't load implementation list: " + ioe.toString());
}
- if( firstList) {
- if (SanityManager.DEBUG)
+ if (SanityManager.DEBUG)
+ {
+ if (firstList)
report("Default implementation list not found");
- return null;
}
-
- return getImplementations(moduleList, true);
- } // end of getDefaultImplementations
-
- InputStream loadModuleDefinitions( URL propertyFileURL) throws IOException {
- // SECURITY PERMISSION - IP1
- return propertyFileURL.openStream();
+
+ return moduleList;
}
/*
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java?rev=326727&r1=326726&r2=326727&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/FileMonitor.java
Wed Oct 19 15:13:00 2005
@@ -33,6 +33,8 @@
import java.io.InputStream;
import java.net.URL;
+import java.util.Enumeration;
+import java.util.Properties;
/**
Implementation of the monitor that uses the class loader
@@ -165,7 +167,6 @@
private String key3;
private Runnable task;
private int intValue;
- private URL propertyFileURL;
/**
Initialize the system in a privileged block.
@@ -182,18 +183,12 @@
}
}
- synchronized final InputStream loadModuleDefinitions(URL propertyFileURL) throws IOException
{
+ synchronized final Properties getDefaultModuleProperties() {
action = 2;
- this.propertyFileURL = propertyFileURL;
- try {
- return (InputStream) java.security.AccessController.doPrivileged(this);
+ try {
+ return (Properties) java.security.AccessController.doPrivileged(this);
} catch (java.security.PrivilegedActionException pae) {
- Exception e = pae.getException();
- if( e instanceof IOException)
- throw (IOException) e;
- throw (RuntimeException) e;
- } finally {
- this.propertyFileURL = null;
+ throw (RuntimeException) pae.getException();
}
}
@@ -257,7 +252,7 @@
}
- public final Object run() throws IOException {
+ public synchronized final Object run() throws IOException {
switch (action) {
case 0:
case 1:
@@ -265,7 +260,7 @@
return new Boolean(PBinitialize(action == 0));
case 2:
// SECURITY PERMISSION - IP1
- return super.loadModuleDefinitions( propertyFileURL);
+ return super.getDefaultModuleProperties();
case 3:
// SECURITY PERMISSION - OP1
return PBgetJVMProperty(key3);
|