[ https://issues.apache.org/jira/browse/DERBY-2109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573411#action_12573411 ]
Myrna van Lunteren commented on DERBY-2109: ------------------------------------------- When a new patch with a fix for J2ME is available, I'll be happy to run again, but my results with patch 10 are that for derbyall, only 5 tests passed, for suites.All, 113 tests failed (didn't run suites.All with jars, only classes). For reference, here's a stack example, from lang/locktable.sql's derby.log java.lang.NoClassDefFoundError: javax.security.auth.Subject at org.apache.derby.iapi.security.SecurityUtil.createSystemPrincipalSubject(SecurityUtil.java:112) at org.apache.derby.iapi.security.SecurityUtil.checkDatabaseCreatePermission(SecurityUtil.java:255) at org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(EmbedConnection.java:2259) at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:351) at org.apache.derby.jdbc.Driver169.getNewEmbedConnection(Driver169.java:57) at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:240) at org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:406) at org.apache.derby.jdbc.EmbeddedSimpleDataSource.getConnection(EmbeddedSimpleDataSource.java:373) at java.lang.reflect.AccessibleObject.invokeL(AccessibleObject.java:213) at java.lang.reflect.Method.invoke(Method.java:272) at org.apache.derby.impl.tools.ij.util.getDataSourceConnection(util.java:426) at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:516) at org.apache.derby.impl.tools.ij.util.startJBMS(util.java:585) at org.apache.derby.impl.tools.ij.ConnectionEnv.init(ConnectionEnv.java:64) at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(utilMain.java:165) at org.apache.derby.impl.tools.ij.Main.<init>(Main.java:230) at org.apache.derby.impl.tools.ij.Main.getMain(Main.java:193) at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:178) at org.apache.derby.impl.tools.ij.Main.main(Main.java:73) at org.apache.derby.tools.ij.main(ij.java:59) > System privileges > ----------------- > > Key: DERBY-2109 > URL: https://issues.apache.org/jira/browse/DERBY-2109 > Project: Derby > Issue Type: New Feature > Components: Security > Affects Versions: 10.3.1.4 > Reporter: Rick Hillegas > Assignee: Martin Zaun > Attachments: DERBY-2109-02.diff, DERBY-2109-02.stat, > derby-2109-03-javadoc-see-tags.diff, DERBY-2109-04.diff, DERBY-2109-04.stat, > DERBY-2109-05and06.diff, DERBY-2109-05and06.stat, DERBY-2109-07.diff, > DERBY-2109-07.stat, DERBY-2109-08.diff, DERBY-2109-08.stat, > DERBY-2109-08_addendum.diff, DERBY-2109-08_addendum.stat, DERBY-2109-09.diff, > DERBY-2109-09.stat, DERBY-2109-10.diff, DERBY-2109-10.stat, > DERBY-2109-11.diff, DERBY-2109-11.stat, SystemPrivilegesBehaviour.html, > systemPrivs.html, systemPrivs.html, systemPrivs.html, systemPrivs.html > > > Add mechanisms for controlling system-level privileges in Derby. See the > related email discussion at > http://article.gmane.org/gmane.comp.apache.db.derby.devel/33151. > The 10.2 GRANT/REVOKE work was a big step forward in making Derby more > secure in a client/server configuration. I'd like to plug more client/server > security holes in 10.3. In particular, I'd like to focus on authorization > issues which the ANSI spec doesn't address. > Here are the important issues which came out of the email discussion. > Missing privileges that are above the level of a single database: > - Create Database > - Shutdown all databases > - Shutdown System > Missing privileges specific to a particular database: > - Shutdown that Database > - Encrypt that database > - Upgrade database > - Create (in that Database) Java Plugins (currently Functions/Procedures, > but someday Aggregates and VTIs) > Note that 10.2 gave us GRANT/REVOKE control over the following > database-specific issues, via granting execute privilege to system > procedures: > Jar Handling > Backup Routines > Admin Routines > Import/Export > Property Handling > Check Table > In addition, since 10.0, the privilege of connecting to a database has been > controlled by two properties (derby.database.fullAccessUsers and > derby.database.defaultConnectionMode) as described in the security section of > the Developer's Guide (see > http://db.apache.org/derby/docs/10.2/devguide/cdevcsecure865818.html). -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.