From d..@apache.org
Subject svn commit: r1620379 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/services/timer/ testing/org/apache/derbyTesting/functionTests/tests/derbynet/ testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/ testing/org/apache/derbyTe...
Date Mon, 25 Aug 2014 17:20:13 GMT
Author: dag
Date: Mon Aug 25 17:20:12 2014
New Revision: 1620379

URL: http://svn.apache.org/r1620379
Log:
DERBY-6619 After silently swallowing SecurityExceptions, Derby can leak class loaders

Patch derby-6619-2.

The fix introduced in DERBY-3745 is correctly there in order to
protect against the case where the thread that starts Derby has a
context class loader that is different from the system class
loader. In such cases, if the timer thread inherits the context class
loader, the context class loader will stay in memory until the Derby
engine is shut down, even if all other references to the class loader
are gone.

If the context class loader is the same as the system class loader, on
the other hand, such a "leak" would not be a problem, since the system
class loader will stay in memory until the JVM is shut down anyway.

We take advantage of this and only attempt to change the context class
loader if it is different from the system class loader.  With this
patch, no warning is printed to derby.log when starting the server
from the command line, and there's no warning when starting the server
using the API with a security manager installed when the context class
loader hasn't been changed from the default. However, if the server is
started using the API with a non-default context class loader, we do
see warnings in derby.log if a security manager is installed and the
permission to set the class loader is missing.

Added tests for this behavior. Moved utility methods from
UpgradeClassLoader to ClassLoaderTestSetup, a new decorator. It seemed
more logical to put them there to allow reuse.

Added:
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/ClassLoaderTestSetup.java
Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/PhaseChanger.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeClassLoader.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeTrajectoryTest.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestSetup.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/timer/SingletonTimerFactory.java
Mon Aug 25 17:20:12 2014
@@ -159,13 +159,35 @@ public class SingletonTimerFactory
 
     // Helper methods
 
+    /**
+     * Get the context class loader if it's different from the system
+     * class loader.
+     *
+     * @return the context class loader of the current thread if it is
+     *   different from the system class loader and we have permission
+     *   to read the class loader, or {@code null} otherwise
+     */
     private ClassLoader getContextClassLoader() {
         try {
             return AccessController.doPrivileged(
                     new PrivilegedAction<ClassLoader>() {
                 @Override
                 public ClassLoader run() {
-                    return Thread.currentThread().getContextClassLoader();
+                    ClassLoader cl =
+                        Thread.currentThread().getContextClassLoader();
+                    if (cl == ClassLoader.getSystemClassLoader()) {
+                        // If the context class loader is the same as the
+                        // system class loader, we are not worried that the
+                        // timer thread will lead a class loader. (The
+                        // system class loader will stay in memory for the
+                        // lifetime of the JVM anyway, so it's not a problem
+                        // that the timer thread keeps a reference to it.)
+                        // Return null to signal that the context class loader
+                        // doesn't need to be changed.
+                        return null;
+                    } else {
+                        return cl;
+                    }
                 }
             });
         } catch (SecurityException se) {
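Review bot: The new inline comment in `run()` says the timer thread "will lead a class loader", which should read "leak": `// timer thread will leak a class loader. (The`. This comment is the only in-code explanation of why `null` is returned for the system class loader, so the typo is worth fixing. Per the new Javadoc, `null` now covers both "context loader is the system loader" and the missing-permission path, whose `catch (SecurityException se)` handler begins on the last line of this hunk and continues outside it. It would help to state in the Javadoc that callers must read `null` as "leave the context class loader alone", and to confirm that the warning is still logged only on the SecurityException path.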

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.java
Mon Aug 25 17:20:12 2014
@@ -21,19 +21,18 @@
 
 package org.apache.derbyTesting.functionTests.tests.derbynet;
 
-import java.io.BufferedReader;
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStreamReader;
 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.util.ArrayList;
 import java.util.Arrays;
 import junit.framework.Test;
+import org.apache.derby.drda.NetworkServerControl;
 import org.apache.derbyTesting.functionTests.util.PrivilegedFileOpsForTests;
 import org.apache.derbyTesting.junit.BaseJDBCTestCase;
 import org.apache.derbyTesting.junit.BaseTestSuite;
+import org.apache.derbyTesting.junit.ClassLoaderTestSetup;
 import org.apache.derbyTesting.junit.Derby;
 import org.apache.derbyTesting.junit.NetworkServerTestSetup;
 import org.apache.derbyTesting.junit.SecurityManagerSetup;
@@ -142,6 +141,10 @@ public class SecureServerTest extends Ba
          _outcome = outcome;
     }
 
+    public SecureServerTest(String fixture) {
+        super(fixture);
+    }
+
     ///////////////////////////////////////////////////////////////////////////////////
     //
     // JUnit MACHINERY
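Review bot: The added `SecureServerTest(String fixture)` constructor is undocumented and assigns none of the configuration fields the other constructor sets (only `_outcome = outcome;` is visible here; the rest of that constructor is outside the hunk). A fixture created through it that reads `_outcome` would presumably hit a null reference. A short Javadoc would make the restriction explicit, for example `/** Used only by makeDerby6619Test(); test6619 does not read the start-up configuration fields. */`.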
@@ -181,9 +184,7 @@ public class SecureServerTest extends Ba
         // this wildcard port is rejected by the server right now
         //suite.addTest( decorateTest( false,  true, null, IPV6W, RUNNING_SECURITY_BOOTED
) );
         
-        suite.addTest( decorateTest( true,  false, null, null, RUNNING_SECURITY_NOT_BOOTED
) );
-        suite.addTest( decorateTest( true,  true, null, null, RUNNING_SECURITY_NOT_BOOTED
) );
-        
+        suite.addTest( makeDerby6619Test() );
         return suite;
     }
 
@@ -306,12 +307,33 @@ public class SecureServerTest extends Ba
         return list.toArray(new String[list.size()]);
     }
     
+    // Policy which lacks the permission to set the context class loader.
+    final static String POLICY6619 =
+            "org/apache/derbyTesting/functionTests/" +
+            "tests/derbynet/SecureServerTest.policy";
+
+    private static Test makeDerby6619Test() {
+        Test t = new SecureServerTest("test6619");
+        t = TestConfiguration.clientServerDecorator(t);
+        t = new SecurityManagerSetup(t, POLICY6619);
+        t = new ClassLoaderTestSetup(t);
+        return t;
+    }
+
     ///////////////////////////////////////////////////////////////////////////////////
     //
     // JUnit TESTS
     //
     ///////////////////////////////////////////////////////////////////////////////////
     
+    public void test6619() throws Exception {
+        NetworkServerControl nsc =
+                NetworkServerTestSetup.getNetworkServerControl();
+        NetworkServerTestSetup.waitForServerStart(nsc);
+         // non standard class loader, so expect to see the warning on derby.log
+        assertWarningDerby6619("derby.system.home", true);
+    }
+
     /**
      * Verify if the server came up and if so, was a security manager installed.
      */
@@ -325,9 +347,7 @@ public class SecureServerTest extends Ba
 
         assertEquals( myName + ": serverCameUp = " + serverCameUp, _outcome.serverShouldComeUp(),
serverCameUp );
 
-        if (!_unsecureSet) {
-            assertWarningDerby6619();
-        }
+        assertWarningDerby6619("user.dir", false); // standard class loader
 
         if (!(runsWithEmma() || runsWithJaCoCo())) {
             // With Emma we run without the security manager, so we can't
@@ -507,11 +527,20 @@ public class SecureServerTest extends Ba
                  "security exception:",
              "This may lead to class loader leak"};
 
-    private void assertWarningDerby6619() throws IOException {
+
+    private void assertWarningDerby6619(String logLocation, boolean expected)
+            throws IOException {
+
         final String logFileName =
-                getSystemProperty("user.dir") + File.separator + "derby.log";
-        if (!DerbyNetAutoStartTest.checkLog(logFileName, expected6619)) {
-            fail("Expected warning on derby.log cf DERBY-6619");
+                getSystemProperty(logLocation) + File.separator + "derby.log";
+        if (DerbyNetAutoStartTest.checkLog(logFileName, expected6619)) {
+            if (!expected) {
+                fail("Expected no warning on derby.log cf DERBY-6619");
+            }
+        } else {
+            if (expected) {
+                fail("Expected warning on derby.log cf DERBY-6619");
+            }
         }
     }
 }
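Review bot: With `expected == false` this helper passes whenever `checkLog` returns false, so a derby.log that is missing, or looked up under a property that `getSystemProperty(logLocation)` does not resolve, would presumably satisfy the "no warning" assertion without any log content being inspected. `checkLog` is not visible here, so confirm how it treats an absent file, and assert that the file exists before scanning it. This matters most for the `assertWarningDerby6619("user.dir", false)` call in the server start-up check, which now runs for every decorated case. The nested `if`/`else` can also collapse to one statement that reports the file in the failure message: `assertEquals("DERBY-6619 warning in " + logFileName, expected, DerbyNetAutoStartTest.checkLog(logFileName, expected6619));`.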

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy?rev=1620379&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
Mon Aug 25 17:20:12 2014
@@ -0,0 +1,473 @@
+//
+// *  Derby - Class org.apache.derbyTesting.functionTests.util.derby_tests.policy
+// *  
+// * Licensed to the Apache Software Foundation (ASF) under one
+// * or more contributor license agreements.  See the NOTICE file
+// * distributed with this work for additional information
+// * regarding copyright ownership.  The ASF licenses this file
+// * to you under the Apache License, Version 2.0 (the
+// * "License"); you may not use this file except in compliance
+// * with the License.  You may obtain a copy of the License at
+// *
+// *   http://www.apache.org/licenses/LICENSE-2.0
+// *
+// * Unless required by applicable law or agreed to in writing,
+// * software distributed under the License is distributed on an
+// * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// * KIND, either express or implied.  See the License for the
+// * specific language governing permissions and limitations
+// * under the License.
+// *
+
+//
+// Policy file with minimal set of permissions to run derby's
+// functional tests.
+//
+// The test harness sets up four variables used by this policy file
+//
+// derbyTesting.codejar - URL to the jar files when they are in the classpath
+// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
+//
+// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
+// other will be set to a bogus URL like file://unused
+//
+// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
+// Only required due to a BUG (see below for more info).
+//
+// derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation
+//     for XML-based tests (ex. lang/XMLBindingTest.java).
+//
+// derbyTesting.serverhost - Host name or ip where network server is started 
+// derbyTesting.clienthost - specifies the clients ip address/hostName. 
+//     when testing with networkserver on a remote host, this needs to be passed in 
+//     with the NetworkServerControl start command
+
+//
+// Permissions for the embedded engine (derby.jar)
+//
+grant codeBase "${derbyTesting.codejar}derby.jar" {
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
+      "write"; 
+  // The next two properties are used to determine if the VM is 32 or 64 bit.
+  permission java.util.PropertyPermission "sun.arch.data.model", "read";
+  permission java.util.PropertyPermission "os.arch", "read";
+  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+  permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
+  permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
+  
+  // unit tests (e.g. store/T_RecoverFullLog) set this property 
+  // (called from derbyTesting.jar through code in derby.jar)
+  permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";
+
+  permission java.lang.RuntimePermission "createClassLoader";
+
+  // getProtectionDomain is an optional permission needed for printing classpath
+  // information to derby.log
+  permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+
+  // DERBY-6619: removed next permission to test 6619. Otherwise identical
+  // to util/derby_tests.policy
+  // permission java.lang.RuntimePermission "setContextClassLoader";
+
+  permission java.security.SecurityPermission "getPolicy";
+  
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+  // [DERBY-2000] The write permission was added to allow creation of the
+  // derby.system.home directory when running tests under a security manager.
+  permission java.io.FilePermission "${derby.system.home}", "read, write";
+  
+  // all databases under derby.system.home 
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+  // Import/export and other support files from these locations in tests
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,  write, delete";
+  permission java.io.FilePermission "${user.dir}${/}extout${/}-", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}extinout", "read,write";
+
+  // needed to create a temp file in order to open a database in a jar file
+  permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
+  
+  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+  // JDK14 has the JCE  preloaded
+  permission java.security.SecurityPermission "insertProvider.SunJCE";
+  permission java.security.SecurityPermission "insertProvider.IBMJCE";
+  
+//
+// Permissions needed for JMX based management and monitoring, which is only
+// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
+//
+// Allows this code to create an MBeanServer:
+//
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+//
+// Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
+// Derby must be allowed to register and unregister these MBeans.
+// To fine tune this permission, see the javadoc of javax.management.MBeanPermission
+// or the JMX Instrumentation and Agent Specification.
+//
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
+//
+// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
+//
+  permission javax.management.MBeanTrustPermission "register";
+
+  // Gives permission for jmx to be used against Derby but
+  // only if JMX authentication is not being used.
+  // In that case the application would need to create
+  // a whole set of fine-grained permissions to allow specific
+  // users access to MBeans and actions they perform.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "monitor";  
+ 
+  // These permissions are needed by AssertFailure to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
+  permission java.sql.SQLPermission "callAbort";
+
+  // This permission is needed to call DriverManager.deregisterDriver()
+  // on Java SE 8 and later.
+  permission java.sql.SQLPermission "deregisterDriver";
+};
+
+//
+// Permissions for the network server (derbynet.jar)
+//
+grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
+  permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
+  permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "write";
+  
+  // accept is needed for the server accepting connections
+  // connect is needed for ping command (which is in the server jar)
+  // listen is needed for the server listening on the network port
+  permission java.net.SocketPermission "127.0.0.1", "accept,connect";
+  permission java.net.SocketPermission "localhost", "accept,connect,listen";
+  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
+  // Need to be able to write to trace file for NetworkServerControlApiTest
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write";
+
+  // Need read/write to trace file for RestrictiveFilePermissionsTest
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr",
"read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax", "read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr${/}-",
"read,write";
+  permission java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax${/}-",
"read,write";
+
+    // Needed for NetworkServerMBean access (see JMX section above)
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // For NetworkServerControlApiTest:
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+};
+
+//
+// Permissions for the network client (derbyclient.jar)
+//
+grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
+  permission java.net.SocketPermission "localhost", "connect,resolve";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+  // DERBY-1883: Since some classes that are included in both derby.jar and
+  // derbyclient.jar read properties, derbyclient.jar needs permission to read
+  // derby.* properties to avoid failures when it is listed before derby.jar in
+  // the classpath.
+  permission java.util.PropertyPermission "derby.*", "read";
+
+  // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order
to
+  // do tracing in that directory. Also, it needs read/write permissions in user.dir in order
+  // to create the trace files in that directory.
+  permission java.util.PropertyPermission "user.dir", "read";
+  permission java.io.FilePermission "${user.dir}${/}-", "read, write"; 
+  
+  // These permissions are needed by AssertFailure to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+
+  // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
+  permission java.sql.SQLPermission "callAbort";
+  
+};
+
+//
+// Permissions for the tools (derbytools.jar)
+// Ideally this would be more secure, for now the
+// focus is on getting the engine & network server secure.
+//
+grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+  // Access all properties using System.getProperties -
+  // ij enumerates the properties in order to open connections
+  // for any property set in ij.connection.* and set protocols
+  // for any property in ij.protocol.*
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  // Read all files under ${user.dir}
+  permission java.io.FilePermission "${user.dir}${/}-", "read";
+  
+  // IjTestCases read, write, and delete ij's output in the extinout dir
+  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete";
+ 
+  // ij needs permission to read the sql files in this jar
+  permission java.io.FilePermission "${derbyTesting.testjarpath}", "read";
+  
+
+};
+
+//
+// Permissions for the tests (derbyTesting.jar)
+// We are liberal here, it's not a goal to make the test harness
+// or tests secure.
+//
+grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+  // Access all properties using System.getProperties
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  // Access all files under ${user.dir}to write the test directory structure
+  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
+
+  // Tests need to be able to exec a java program. DERBY-6295: Also give them
+  // read permission so that detailed error message is shown.
+  permission java.io.FilePermission "${java.home}${/}-", "execute, read";
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.security.SecurityPermission "getPolicy";
+  permission java.lang.RuntimePermission "setIO";  
+
+  // Needed by ClasspathSetup to change the classloader
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
+  // These permissions are needed to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  
+  // Allow MBeanTest to register the application management MBean.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]",
"instantiate";
+  permission javax.management.MBeanTrustPermission "register";
+   
+  // And to find and use Derby's MBeans
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]",
"getAttribute,invoke";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"getMBeanInfo";
+  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"queryNames";
+  
+  // Test code needs this as well for the platform MBeanServer
+  // tests where the testing code is in the stack frame.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // useful for debugging
+  //permission java.lang.RuntimePermission "getProtectionDomain";
+
+  // This permission is needed to call the Connection.abort(Executor) method added by JDBC
4.1
+  permission java.sql.SQLPermission "callAbort";
+  
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // Needed by NetworkServerTestSetup when probing ports.
+  permission java.net.SocketPermission "localhost", "listen";
+
+  // Needed by ClasspathSetup for freeing resources.
+  permission java.lang.RuntimePermission "closeClassLoader";
+
+  // Needed by AutoloadTest to get at spawned process pid (Unixen) and call jstack:
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
+  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  // Presumes we have a JDK: First "..": back up past "jre"
+  permission java.io.FilePermission "${java.home}${/}..${/}bin${/}-", "execute, read";
+};
+
+//
+// super-set of the jar permissions for running out of the classes directory
+//
+grant codeBase "${derbyTesting.codeclasses}" {
+  // Access all properties using System.getProperties
+  permission java.util.PropertyPermission "*", "read, write";
+  
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.lang.RuntimePermission "createClassLoader";
+
+  // permissions so that we can set the context class loader to
+  // null for daemon threads to avoid class loader leak.
+  // DERBY-3745
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+
+  permission java.security.SecurityPermission "getPolicy";
+   
+  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
+  permission java.io.FilePermission "${derby.system.home}", "read";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
+
+  // combination of client and server side.
+  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
+  permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
+  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+  
+  // Access all files under ${user.dir}to write the test directory structure
+  // Also covers extin, extout and extinout locations
+  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
+   
+  // Tests need to be able to exec a java program. DERBY-6295: Also give them
+  // read permission so that detailed error message is shown.
+  permission java.io.FilePermission "${java.home}${/}-", "execute, read";
+
+  // needed to create a temp file in order to open a database in a jar file
+  permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
+
+  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
+  // JDK14 has the JCE  preloaded
+  permission java.security.SecurityPermission "insertProvider.SunJCE";
+  permission java.security.SecurityPermission "insertProvider.IBMJCE";
+
+  // When running with useprocess=false need to install and uninstall
+  // the security manager and allow setIO to change the system err and out
+  // streams. Currently the nist suite runs with useprocess=false.
+  permission java.lang.RuntimePermission "setSecurityManager";
+  permission java.lang.RuntimePermission "setIO"; 
+
+  // These permissions are needed by stress.multi to dump the thread stack
+  // traces upon failure.
+  permission java.lang.RuntimePermission "getStackTrace";
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  
+    // Allow MBeanTest to register the application management MBean.
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]",
"instantiate";
+  permission javax.management.MBeanTrustPermission "register";
+  
+  // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
+  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
+  
+   
+  // And to find and use Derby's MBeans
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]",
"getAttribute,invoke";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"getMBeanInfo";
+  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
+  permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]",
"queryNames";
+  
+  // Test code needs this as well for the platform MBeanServer
+  // tests where the testing code is in the stack frame.
+  permission org.apache.derby.security.SystemPermission "jmx", "control";
+  permission org.apache.derby.security.SystemPermission "engine", "monitor";
+  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+  // Needed by FileUtil#limitAccessToOwner
+  permission java.lang.RuntimePermission "accessUserInformation";
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+  // This permission is needed to call DriverManager.deregisterDriver()
+  // on Java SE 8 and later.
+  permission java.sql.SQLPermission "deregisterDriver";
+
+  // Needed by ClasspathSetup for freeing resources.
+  permission java.lang.RuntimePermission "closeClassLoader";
+};
+
+// JUnit jar file tries to read junit.properties in the user's
+// home directory and seems to require permission to read the
+// property user.home as well.
+// junit.swingui.TestRunner writes to .junitsession on exit.
+grant codeBase "${derbyTesting.junit}" {
+    permission java.util.PropertyPermission "user.home", "read";
+    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
+    permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
+
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
+
+// Ant's junit runner requires setOut to redirect the System output streams
+// to the forked JVM used when running junit tests inside Ant. Ant requires
+// forking the JVM if you want to run tests in a different directory than the
+// current one.
+grant codeBase "${derbyTesting.antjunit}" {
+    permission java.lang.RuntimePermission "setIO";
+
+    // This permission is needed when running the tests using ant 1.7
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
+
+// Starting with Ant 1.9.3, write permission has to be granted to ant.jar
+// as well so that Ant's JUnit runner can write test results to a file.
+// Only needed when running the tests under Ant. See DERBY-6685.
+grant codeBase "${derbyTesting.ant}" {
+    permission java.io.FilePermission "${user.dir}${/}*", "write";
+};
+
+// functionTests.tests.lang.RoutineSecurityTest requires this grant
+// to check to see if permissions are granted through generated code
+// through this mechanism.
+grant {
+    permission java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read";
+};
+
+// These permissions are needed when testing code instrumented with EMMA.
+// They will only be used if the emma.active system property property is
+// set, which should be set to "" for the permissions to be correct. Must
+// be granted to all code bases because EMMA doesn't use doPrivileged
+// blocks around the code that needs the permissions.
+grant {
+  permission java.util.PropertyPermission "${emma.active}user.dir", "read";
+  permission java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read, write";
+  permission java.lang.RuntimePermission "${emma.active}writeFileDescriptor";
+};
+
+// Grant the required permissions for JaCoCo (code coverage tool).
+grant {
+  permission java.io.FilePermission "${jacoco.active}${user.dir}${/}*", "read, write";
+};
+
+// When inserting XML values that use external DTD's, the JAXP parser
+// needs permission to read the DTD files.  We assume that all DTD
+// files will be copied to extin/ by whichever tests need them.  So
+// grant the JAXP parser permissions to read that directory.
+grant codeBase "${derbyTesting.jaxpjar}" {
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+};
+
+// Permissions for package-private tests run from 'classes.pptesting'
+grant codeBase "${derbyTesting.ppcodeclasses}" {
+
+  // Needed for ProtocolTest - allows connection to a server
+  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
+  permission java.net.SocketPermission "localhost", "connect,resolve";
+  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
+
+  // Allows reading support files in 'extin'
+  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
+};
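Review bot: The `setContextClassLoader` permission is withheld only from the `derby.jar` grant; the `${derbyTesting.codeclasses}` grant further down still contains `permission java.lang.RuntimePermission "setContextClassLoader";`. When the suite runs from the classes directory, the engine code would therefore presumably keep the permission and the warning test6619 expects would not be logged. Since the test classes share that grant and need the permission for the class loader set-up, the simpler remedy is probably to add the test only when Derby is loaded from jars. The file is otherwise a full copy of util/derby_tests.policy, so later permission changes there must be mirrored here by hand or the two policies will drift. The header still names derby_tests.policy and speaks of "four variables" while listing six; a first line such as `// Copy of util/derby_tests.policy without setContextClassLoader for derby.jar (DERBY-6619)` would make the intent clear.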

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/PhaseChanger.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/PhaseChanger.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/PhaseChanger.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/PhaseChanger.java
Mon Aug 25 17:20:12 2014
@@ -31,6 +31,7 @@ import junit.framework.Test;
 
 import org.apache.derbyTesting.junit.BaseTestCase;
 import org.apache.derbyTesting.junit.BaseTestSetup;
+import org.apache.derbyTesting.junit.ClassLoaderTestSetup;
 import org.apache.derbyTesting.junit.JDBC;
 import org.apache.derbyTesting.junit.JDBCDataSource;
 import org.apache.derbyTesting.junit.TestConfiguration;
@@ -87,7 +88,7 @@ final class PhaseChanger extends BaseTes
         
         if (loader != null) {
             previousLoader = Thread.currentThread().getContextClassLoader();
-            UpgradeClassLoader.setThreadLoader(loader);
+            ClassLoaderTestSetup.setThreadLoader(loader);
         }
          
         DataSource ds = JDBCDataSource.getDataSource();
@@ -154,7 +155,7 @@ final class PhaseChanger extends BaseTes
         clearDerby23ThreadLocals(contextService);
 
         if (loader != null)
-            UpgradeClassLoader.setThreadLoader(previousLoader);       
+            ClassLoaderTestSetup.setThreadLoader(previousLoader);
         loader = null;
         previousLoader = null;
         

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeClassLoader.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeClassLoader.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeClassLoader.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeClassLoader.java
Mon Aug 25 17:20:12 2014
@@ -92,34 +92,6 @@ public class UpgradeClassLoader
     }
 
     /**
-     * <p>
-     * Force this thread to use a specific class loader.
-     * </p>
-     */
-    public static void setThreadLoader(final ClassLoader which) {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-            public Void run() {
-                java.lang.Thread.currentThread().setContextClassLoader(which);
-              return null;
-            }
-        });
-    }
-    
-    /**
-     * <p>
-     * Retrieve the class loader currently being used by this thread.
-     * </p>
-     */
-    public static ClassLoader getThreadLoader() {
-        return AccessController.doPrivileged(
-                new PrivilegedAction<ClassLoader>() {
-            public ClassLoader run() {
-                return Thread.currentThread().getContextClassLoader();
-            }
-        });
-    }
-
-    /**
      * Get the location of jars of old release. The location is specified 
      * in the property derbyTesting.oldReleasePath. If derbyTesting.oldReleasePath
      * is set to the empty string it is ignored.

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeTrajectoryTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeTrajectoryTest.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeTrajectoryTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/upgradeTests/UpgradeTrajectoryTest.java
Mon Aug 25 17:20:12 2014
@@ -34,6 +34,7 @@ import junit.extensions.TestSetup;
 import junit.framework.Test;
 import org.apache.derbyTesting.junit.BaseJDBCTestCase;
 import org.apache.derbyTesting.junit.BaseTestSuite;
+import org.apache.derbyTesting.junit.ClassLoaderTestSetup;
 import org.apache.derbyTesting.junit.JDBCClient;
 import org.apache.derbyTesting.junit.JDBCClientSetup;
 import org.apache.derbyTesting.junit.JDBCDataSource;
@@ -522,7 +523,7 @@ public class UpgradeTrajectoryTest exten
     private void compareDatabases( Version version, String leftDatabaseName, String rightDatabaseName
)
         throws Exception
     {
-        UpgradeClassLoader.setThreadLoader( version.getClassLoader() );
+        ClassLoaderTestSetup.setThreadLoader( version.getClassLoader() );
 
         DataSource leftDS = makeDataSource( leftDatabaseName );
         DataSource rightDS = makeDataSource( rightDatabaseName );
@@ -811,7 +812,7 @@ public class UpgradeTrajectoryTest exten
     private void createDatabase( Version version, String logicalDatabaseName )
         throws Exception
     {
-        UpgradeClassLoader.setThreadLoader( version.getClassLoader() );
+        ClassLoaderTestSetup.setThreadLoader( version.getClassLoader() );
 
         DataSource ds = bootDatabase( logicalDatabaseName );
 
@@ -830,7 +831,7 @@ public class UpgradeTrajectoryTest exten
     private void upgradeDatabase( Version softwareVersion, Version dataVersion, boolean hardUpgrade,
String logicalDatabaseName )
         throws Exception
     {
-        UpgradeClassLoader.setThreadLoader( softwareVersion.getClassLoader() );
+        ClassLoaderTestSetup.setThreadLoader(softwareVersion.getClassLoader());
 
         DataSource ds = upgradeDatabase( logicalDatabaseName, hardUpgrade );
 
@@ -971,11 +972,14 @@ public class UpgradeTrajectoryTest exten
     private void saveOriginalClassLoader()
     {
         // remember the original class loader so that we can reset
-        if ( _originalClassLoader.get() == null ) { _originalClassLoader.set( UpgradeClassLoader.getThreadLoader()
); }
+        if ( _originalClassLoader.get() == null ) { 
+            _originalClassLoader.set( ClassLoaderTestSetup.getThreadLoader() ); 
+        }
     }
     private void restoreOriginalClassLoader()
     {
-        UpgradeClassLoader.setThreadLoader( (ClassLoader) _originalClassLoader.get() );
+        ClassLoaderTestSetup.setThreadLoader(
+                (ClassLoader) _originalClassLoader.get() );
     }
 
     private String stringifyUpgradeRequests()

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestSetup.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestSetup.java?rev=1620379&r1=1620378&r2=1620379&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestSetup.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/BaseTestSetup.java Mon
Aug 25 17:20:12 2014
@@ -42,7 +42,8 @@ public abstract class BaseTestSetup exte
      * and then call the part's run method to run the decorator and
      * the test it wraps.
      */
-    public final void run(TestResult result)
+    @Override
+    public void run(TestResult result)
     {
         // install a default security manager if one has not already been
         // installed
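Review bot: Dropping `final` from `run(TestResult)` means a subclass can now replace the method that, per the comment at the end of this hunk, installs the default security manager. An override that does not delegate to `super.run(result)` would presumably run its wrapped tests without that manager in place. The Javadoc above should state the contract, for example `Overriding decorators must call super.run(result) so the default security manager is still installed.` The body of `run` continues outside the hunk, so the rest of what an override would skip is not visible here.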

Added: db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/ClassLoaderTestSetup.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/ClassLoaderTestSetup.java?rev=1620379&view=auto
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/ClassLoaderTestSetup.java
(added)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/ClassLoaderTestSetup.java
Mon Aug 25 17:20:12 2014
@@ -0,0 +1,105 @@
+/*
+ * Derby - Class org.apache.derbyTesting.junit.ClassLoaderTestSetup
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+package org.apache.derbyTesting.junit;
+
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import junit.framework.Test;
+import org.apache.derbyTesting.functionTests.tests.upgradeTests.UpgradeClassLoader;
+
+/**
+ * A decorator that changes the context class loader for the current
+ * configuration and resets it afterwards.
+ */
+public class ClassLoaderTestSetup extends BaseJDBCTestSetup {
+
+    private ClassLoader oldLoader;
+
+    /**
+     * Create a decorator that makes {@code test} run with non-default
+     * class loader. It also shuts down the engine so Derby classes will
+     * be loaded with the new class loader.
+     *
+     * @param test the test to decorate
+     */
+    public ClassLoaderTestSetup(Test test) {
+        super(test);
+    }
+
+    private static ClassLoader makeClassLoader(final ClassLoader old) {
+        return AccessController.doPrivileged(
+            new PrivilegedAction<URLClassLoader>() {
+                @Override
+                public URLClassLoader run() {
+                        URL[] jars = ((URLClassLoader)old).getURLs();
+                        return new URLClassLoader(jars, null);
+                }
+            });
+    }
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+        TestConfiguration.getCurrent().shutdownEngine();
+        oldLoader = getThreadLoader();
+        setThreadLoader(makeClassLoader(oldLoader));
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        setThreadLoader(oldLoader);
+        super.tearDown();
+    }
+
+    /**
+     * Force this thread to use a specific class loader.
+     * @param which class loader to set
+     *
+     * @throws  SecurityException
+     *          if the current thread cannot set the context ClassLoader
+     */
+    public static void setThreadLoader(final ClassLoader which) {
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            @Override
+            public Void run() {
+                java.lang.Thread.currentThread().setContextClassLoader(which);
+              return null;
+            }
+        });
+    }
+
+    /**
+     * <p>
+     * Retrieve the class loader currently being used by this thread.
+     * </p>
+     * @return the current context class loader
+     */
+    public static ClassLoader getThreadLoader() {
+        return AccessController.doPrivileged(
+                new PrivilegedAction<ClassLoader>() {
+            public ClassLoader run() {
+                return Thread.currentThread().getContextClassLoader();
+            }
+        });
+    }
+
+}
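Review bot: `makeClassLoader` casts the saved context class loader straight to `URLClassLoader` inside the privileged block, so a run started under any other loader type fails in `setUp()` with a bare ClassCastException after `shutdownEngine()` has already been called. A guard before the `doPrivileged` call, such as `if (!(old instanceof URLClassLoader)) throw new IllegalStateException("context class loader is not a URLClassLoader: " + old);`, would make the precondition explicit. `tearDown()` restores `oldLoader` but keeps no reference to the loader created in `setUp()`, so that loader cannot be closed deterministically where the target Java level offers `URLClassLoader.close()`. Separately, `setThreadLoader` and `getThreadLoader` are public static `doPrivileged` wrappers around a caller-supplied loader, so any code that can reach this class acts with whatever `setContextClassLoader`/`getClassLoader` permission the policy grants to this class's code source. Their Javadoc should say that, state that they are for test code only, and `getThreadLoader`'s `run()` should carry `@Override` like the other two anonymous classes.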


