[
https://issues.apache.org/jira/browse/DERBY-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-2466:
---------------------------------
Attachment: derby-2466-01.diff
Attaching patch for this feature. This patch adds a system procedure for
reloading the security policy file. This patch also adds a regression test
which verifies that only the DBA can reload the policy file and only if the
getPolicy() permission has been granted by the already-loaded policy.
This patch touches the following files:
M java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
M java/engine/org/apache/derby/impl/jdbc/Util.java
M java/engine/org/apache/derby/catalog/SystemProcedures.java
Wire the new procedure into our SQL machinery.
M java/engine/org/apache/derby/loc/messages.xml
M java/shared/org/apache/derby/shared/common/reference/SQLState.java
Add a new error message, provoked when the procedure is called but
getPolicy() wasn't granted.
M java/drda/org/apache/derby/drda/server.policy
Add getPolicy() privilege to the Basic policy file loaded by the secure
server.
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.java
M java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
Wire the new unit test into our JUnit machinery.
M
java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Add getPolicy() permission to the default testing policy.
M java/testing/org/apache/derbyTesting/junit/BaseTestCase.java
M java/testing/org/apache/derbyTesting/junit/SecurityManagerSetup.java
Make it possible for the decorators to unload the security manager and load
a new one with a different policy file.
M java/testing/org/apache/derbyTesting/junit/TestConfiguration.java
Replace some magic strings with a constant and make the DBO;s name public.
Also add a privilege execution block around a case exposed by the new test.
M java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java
Replace some magic strings with constants and make them public.
> Allow dynamic reloading of the security policy file
> ---------------------------------------------------
>
> Key: DERBY-2466
> URL: https://issues.apache.org/jira/browse/DERBY-2466
> Project: Derby
> Issue Type: New Feature
> Components: Security
> Reporter: Rick Hillegas
> Assigned To: Rick Hillegas
> Fix For: 10.3.0.0
>
> Attachments: derby-2466-01.diff
>
>
> The spec attached to DERBY-2109 describes how to allow the policy file to be
> dynamically reloaded while a server is running: We add a getPolicy permission
> to the Basic policy and we add a DBA-owned system procedure,
> SYSCS_UTIL.SYSCS_REFRESH_SECURITY_POLICY(), which reloads the policy file.
> This JIRA tracks that work.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
