I just wanted to share that I was able to fix the problem. The problem was
that I was not reading the system properties inside a privileged block.
I have found an existing method getSystemProperty in
org.apache.derby.iapi.services.property.PropertyUtil which does the job of
reading a system wide property inside a privileged block. The method has the
comment that this method can be used by a system that is not running
Cloudscape (I will change the Cloudscape reference to Derby in my patch) and
hence I think it should be safe for me to call this method from the client
driver even though the PropertyUtil class is in engine code. I will also
bring up this issue of calling a method across the engine/client codeline in my
patch for DERBY-1275 once I have a test ready to test the system properties.
Mamta
On 1/19/07, Mamta Satoor <[EMAIL PROTECTED]> wrote:
Hi,
I am new to the world of security manager and security policy files. For
DERBY-1275 (DERBY-1275 Provide a way to enable client tracing without
changing the application), I am adding 2 new system properties, namely
derby.client.traceDirectory and derby.client.traceLevel. These 2
properties are read by the client driver (
org.apache.derby.jdbc.ClientBaseDataSource).
When I run (using the classes folder) the junit test suite
org.apache.derbyTesting.functionTests.suites.All, I get
AccessControlException: access denied (java.util.PropertyPermission
derby.client.traceLevel read). I am assuming that the junit tests are
using the policy file derby_tests.policy located in
derbyTesting.functionTests.util.derby_tests.policy. That policy file has the
following granted when running through the classes folder (I have copied a
subset of the granted permissions for the codeBase):

grant codeBase "${derbyTesting.codeclasses}" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  permission java.util.PropertyPermission "derby.*", "read";
  ......

As can be seen from above, permission to read all properties starting with
derby. has already been granted. But for some reason, this doesn't get
picked up when I run my junit tests. In order for the tests to succeed, for
now, I had to grant the following blanket property permission reads in the
policy file.

grant {
  permission java.util.PropertyPermission "derby.client.traceLevel", "read";
  permission java.util.PropertyPermission "derby.client.traceDirectory", "read";
};

My question is why are the 2 new properties not covered by the existing
property permissions granted at the classes folder level? Also, where does
the variable derbyTesting.codeclasses get set? Do I need to set that manually
before firing the junit tests?
Any help will be greatly appreciated. Thanks,
Mamta
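
Added example, not part of the original messages and not Derby's PropertyUtil code: a sketch of the fix described in the follow-up at the top of this thread, reading the two client trace properties inside a privileged block. Under a security manager the permission check covers every protection domain on the call stack, and doPrivileged stops that check at the class making the call, so only that class's code base needs the PropertyPermission. The class and method names are hypothetical, and treating the trace level as an integer is an assumption.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper, not Derby code. AccessController is deprecated for
// removal since Java 17; it is used here to match the runtime in the thread.
public final class ClientTraceProps {
    // Property names taken from the thread.
    static final String TRACE_LEVEL = "derby.client.traceLevel";
    static final String TRACE_DIRECTORY = "derby.client.traceDirectory";

    private ClientTraceProps() {}

    // Private and only ever called with the two constants above, so the
    // privileged read cannot be steered to arbitrary keys by a caller.
    private static String readPrivileged(final String key) {
        try {
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() {
                    return System.getProperty(key);
                }
            });
        } catch (SecurityException e) {
            // This class's own code base lacks the PropertyPermission.
            return null;
        }
    }

    static String traceDirectory() {
        return readPrivileged(TRACE_DIRECTORY);
    }

    // Assumption: the level is an integer. Returns defaultLevel when the
    // property is unset, unreadable or not a valid integer.
    static int traceLevel(int defaultLevel) {
        String raw = readPrivileged(TRACE_LEVEL);
        if (raw == null) {
            return defaultLevel;
        }
        try {
            return Integer.decode(raw.trim()).intValue();
        } catch (NumberFormatException e) {
            return defaultLevel;
        }
    }

    public static void main(String[] args) {
        System.setProperty(TRACE_LEVEL, "0x20"); // constructed sample value
        System.out.println(traceLevel(0) + " " + traceDirectory());
    }
}
```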