db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "DerbyJMXQuickStart" by JohnHEmbretsen
Date Thu, 17 Apr 2008 14:34:04 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The following page has been changed by JohnHEmbretsen:
http://wiki.apache.org/db-derby/DerbyJMXQuickStart

The comment on the change is:
More detailed security debug example

------------------------------------------------------------------------------
  {{{
  -Djava.security.debug=access:failure
  }}}
- when starting the Derby Network Server from the command line will print lots of output to
the console which allows you to find out specifically which permissions are granted and which
are missing. It may be wise to store the output in a file and search through it afterwards.
+ when starting the Derby Network Server from the command line will print lots of output to
the console which allows you to find out specifically which permissions are granted and which
are missing when a failure occurs. It may be wise to store the output in a file and search
through it afterwards.
+ 
+ For example, to find out details about a missing permission, search for the text "`access
denied`" in the output, and you will see something like
+ {{{
+ access: access denied (org.apache.derby.security.SystemPermission engine monitor)
+ java.lang.Exception: Stack trace
+         at java.lang.Thread.dumpStack(Thread.java:1158)
+         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:253)
+         at java.security.AccessController.checkPermission(AccessController.java:427)
+         at org.apache.derby.iapi.services.info.Version.checkMonitor(Unknown Source)
+         at org.apache.derby.iapi.services.info.Version.getVersionString(Unknown Source)
+ (...)
+ access: domain that failed ProtectionDomain  (file:/home/user/derby/10.4.1.3/lib/derby.jar
<no signer certificates>)
+  sun.misc.Launcher$AppClassLoader@1ddebc3
+  <no principals>
+  java.security.Permissions@f07355 (
+  (javax.management.MBeanPermission org.apache.derby.*#[org.apache.derby:*] registerMBean,unregisterMBean)
+  (java.security.SecurityPermission getPolicy)
+  (java.net.SocketPermission localhost:1024- listen,resolve)
+ (...)
+ }}}
+ The above example output shows that the derby.jar code base is missing the permission
+ 
+ `org.apache.derby.security.SystemPermission "engine", "monitor"`,
+ 
+ as the JMX client was accessing the `VersionString` attribute of the `VersionMBean` for
derby.jar.
+ 
  
  [[Anchor(JConsoleAccess)]]
  == Using JConsole to access Derby's MBeans ==

Mime
View raw message