Return-Path: X-Original-To: apmail-db-derby-commits-archive@www.apache.org Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E6DDF101B5 for ; Fri, 3 Jan 2014 02:18:25 +0000 (UTC) Received: (qmail 90087 invoked by uid 500); 3 Jan 2014 02:18:25 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 90039 invoked by uid 500); 3 Jan 2014 02:18:25 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 90032 invoked by uid 99); 3 Jan 2014 02:18:25 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Jan 2014 02:18:25 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Jan 2014 02:18:23 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 13472238883D; Fri, 3 Jan 2014 02:18:03 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1554997 - in /db/derby/code/branches/10.10: ./ java/drda/org/apache/derby/drda/ java/drda/org/apache/derby/impl/drda/ java/engine/org/apache/derby/iapi/reference/ java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ java/test... Date: Fri, 03 Jan 2014 02:18:02 -0000 To: derby-commits@db.apache.org From: myrnavl@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140103021803.13472238883D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: myrnavl Date: Fri Jan 3 02:18:01 2014 New Revision: 1554997 URL: http://svn.apache.org/r1554997 Log: DERBY-6438; Explicitly grant SocketPermission "listen" in default server policy backport of revision 1553081 from trunk Modified: db/derby/code/branches/10.10/ (props changed) db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Propchange: db/derby/code/branches/10.10/ ------------------------------------------------------------------------------ Merged /db/derby/code/trunk:r1553081 Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java (original) +++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java Fri Jan 3 02:18:01 2014 @@ -670,6 +670,15 @@ public class NetworkServerControl{ System.setProperty( Property.DERBY_SECURITY_HOST, getHostNameForSocketPermission( server ) ); // + // Forcibly set the following property so that it will be correctly + // substituted into the default policy file. This is the hostname for + // SocketPermissions. This is an internal property which customers + // may not override. + // + System.setProperty(Property.DERBY_SECURITY_PORT, + String.valueOf(server.getPort())); + + // // Forcibly set the following property. This is the parameter in // the Basic policy which points at the directory where the embedded and // network codesources. Do not let the customer Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy (original) +++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy Fri Jan 3 02:18:01 2014 @@ -120,6 +120,13 @@ grant codeBase "${derby.install.url}derb permission java.net.SocketPermission "*", "accept"; +// Allow the server to listen to the socket on the port specified with the +// -p option to "NetworkServerControl start" on the command line, or with +// the portNumber parameter to the NetworkServerControl constructor in the +// API, or with the property derby.drda.portNumber. The default is 1527. + permission java.net.SocketPermission "localhost:${derby.security.port}", + "listen"; + // // Needed for server tracing. // Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy (original) +++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy Fri Jan 3 02:18:01 2014 @@ -107,6 +107,14 @@ grant codeBase "${derby.install.url}derb permission java.net.SocketPermission "*", "accept"; +// Allow the server to listen to the socket on the default port (1527). +// If you have specified another port number with the -p option to +// "NetworkServerControl start" on the command line, or with the portNumber +// parameter to the NetworkServerControl constructor in the API, or with the +// property derby.drda.portNumber, you should change the port number in the +// permission statement accordingly. + permission java.net.SocketPermission "localhost:1527", "listen"; + // // Needed for server tracing. // Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original) +++ db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Fri Jan 3 02:18:01 2014 @@ -378,6 +378,14 @@ public final class NetworkServerControlI public String getHost() { return hostArg; } /** + * Get the port where we listen for connections. + * @return the port number + */ + public int getPort() { + return portNumber; + } + + /** * Return true if the customer forcibly overrode our decision to install a * default SecurityManager. */ Modified: db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java (original) +++ db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java Fri Jan 3 02:18:01 2014 @@ -337,7 +337,7 @@ public interface Property { String DATABASE_PROPERTIES_ONLY = "derby.database.propertiesOnly"; /** - * Ths property is private to Derby. + * This property is private to Derby. * This property is forcibly set by the Network Server to override * any values which the user may have set. This property is only used to * parameterize the Basic security policy used by the Network Server. @@ -346,7 +346,7 @@ public interface Property { public static final String DERBY_INSTALL_URL = "derby.install.url"; /** - * Ths property is private to Derby. + * This property is private to Derby. * This property is forcibly set by the Network Server to override * any values which the user may have set. This property is only used to * parameterize the Basic security policy used by the Network Server. @@ -354,6 +354,15 @@ public interface Property { **/ public static final String DERBY_SECURITY_HOST = "derby.security.host"; + /** + * This property is private to Derby. + * This property is forcibly set by the Network Server to override + * any values which the user may have set. This property is only used to + * parameterize the Basic security policy used by the Network Server. + * This property is the port number which the server listens to. + */ + public static final String DERBY_SECURITY_PORT = "derby.security.port"; + /* ** derby.storage.* */ Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy Fri Jan 3 02:18:01 2014 @@ -103,8 +103,9 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; @@ -187,6 +188,9 @@ grant codeBase "${derbyTesting.testjar}d permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; permission java.lang.RuntimePermission "setIO"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -213,7 +217,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy Fri Jan 3 02:18:01 2014 @@ -99,8 +99,9 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; @@ -178,6 +179,9 @@ grant codeBase "${derbyTesting.testjar}d permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; permission java.lang.RuntimePermission "setIO"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -201,7 +205,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy Fri Jan 3 02:18:01 2014 @@ -142,10 +142,12 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; + // Need to be able to write to trace file for NetworkServerControlApiTest permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; // Needed for NetworkServerMBean access (see JMX section above) @@ -244,6 +246,9 @@ grant codeBase "${derbyTesting.testjar}d permission org.apache.derby.security.SystemPermission "jmx", "control"; permission org.apache.derby.security.SystemPermission "engine", "monitor"; permission org.apache.derby.security.SystemPermission "server", "control,monitor"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -271,7 +276,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy Fri Jan 3 02:18:01 2014 @@ -107,8 +107,9 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; @@ -191,6 +192,9 @@ grant codeBase "${derbyTesting.testjar}d permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; permission java.lang.RuntimePermission "setIO"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -217,7 +221,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy Fri Jan 3 02:18:01 2014 @@ -137,10 +137,12 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; + // Need to be able to write to trace file for NetworkServerControlApiTest permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; // Needed for NetworkServerMBean access (see JMX section above) @@ -245,6 +247,9 @@ grant codeBase "${derbyTesting.testjar}d //client side: test execs another jvm with relative path permission java.io.FilePermission "<>", "execute"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -276,7 +281,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy Fri Jan 3 02:18:01 2014 @@ -128,8 +128,9 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; @@ -225,6 +226,9 @@ grant codeBase "${derbyTesting.testjar}d // resolve is needed to run ldap related tests permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -245,7 +249,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy Fri Jan 3 02:18:01 2014 @@ -24,6 +24,6 @@ // permissions granted to the test framework. // grant codeBase "${derbyTesting.codejar}derby.jar" { - permission java.net.SocketPermission "127.0.0.1", "connect,resolve,accept"; - permission java.net.SocketPermission "localhost", "connect,resolve,accept"; + permission java.net.SocketPermission "127.0.0.1", "connect,accept,listen"; + permission java.net.SocketPermission "localhost", "connect,accept,listen"; }; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy Fri Jan 3 02:18:01 2014 @@ -140,10 +140,12 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; + // Need to be able to write to trace file for NetworkServerControlApiTest permission java.io.FilePermission "${user.dir}${/}system${/}trace", "write"; permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; @@ -246,6 +248,9 @@ grant codeBase "${derbyTesting.testjar}d permission org.apache.derby.security.SystemPermission "jmx", "control"; permission org.apache.derby.security.SystemPermission "engine", "monitor"; permission org.apache.derby.security.SystemPermission "server", "control,monitor"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -273,7 +278,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"; Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=1554997&r1=1554996&r2=1554997&view=diff ============================================================================== --- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original) +++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Fri Jan 3 02:18:01 2014 @@ -153,10 +153,12 @@ grant codeBase "${derbyTesting.codejar}d // accept is needed for the server accepting connections // connect is needed for ping command (which is in the server jar) + // listen is needed for the server listening on the network port permission java.net.SocketPermission "127.0.0.1", "accept,connect"; - permission java.net.SocketPermission "localhost", "accept,connect"; + permission java.net.SocketPermission "localhost", "accept,connect,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"; + // Need to be able to write to trace file for NetworkServerControlApiTest permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write"; permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write"; @@ -288,6 +290,9 @@ grant codeBase "${derbyTesting.testjar}d // Needed by FileUtil#limitAccessToOwner permission java.lang.RuntimePermission "accessUserInformation"; permission java.lang.RuntimePermission "getFileStoreAttributes"; + + // Needed by NetworkServerTestSetup when probing ports. + permission java.net.SocketPermission "localhost", "listen"; }; // @@ -315,7 +320,7 @@ grant codeBase "${derbyTesting.codeclass // combination of client and server side. permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; - permission java.net.SocketPermission "localhost", "accept,connect,resolve"; + permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen"; permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"; permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";