Oh, that's a bad one, thanks for catching this Dan.
Daniel John Debrunner (JIRA) wrote:
Booting embedded engine requires read permission to derby.jar be granted for
all code in the stack
--------------------------------------------------------------------------------------------------
Key: DERBY-626
URL: http://issues.apache.org/jira/browse/DERBY-626
Project: Derby
Type: Bug
Components: Security, Services
Versions: 10.1.1.0, 10.2.0.0
Reporter: Daniel John Debrunner
Assigned to: Daniel John Debrunner
Priority: Critical
When running in a security manager the embedded engine uses
ClassLoader.getResources() to obtain the set of modules.properties files. This
method returns an empty set if running in a security manager and permission has
not been granted to read derby.jar to all code in the stack, unless the method
is executed in a privileged block.
This is a regression early on in Derby's life and was not caught because of
lack of testing under the security manager and was hidden by the need to grant
read permission for DERBY-622.
The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
Need to re-factor code to ensure that the call to getResources and opening the
resulting URL is all in a privileged block.
begin:vcard
fn:David W Van Couvering
n:Van Couvering;David W
org:Sun Microsystems, Inc.;Database Technology Group
email;internet:[EMAIL PROTECTED]
title:Senior Staff Software Engineer
tel;work:510-550-6819
tel;cell:510-684-7281
x-mozilla-html:TRUE
version:2.1
end:vcard
