db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepa Remesh <drem...@gmail.com>
Subject Re: [Fwd: Re: derbynet/getCurrentProperties.java fails]
Date Mon, 17 Oct 2005 21:10:26 GMT
On 10/17/05, Daniel John Debrunner <djd@debrunners.com> wrote:

> OK, I see now that this is because you fixed DERBY-613 as part of
> DERBY-375 (see Kathey's comment in DERBY-375).
>
> This means you need to modify the permissions already granted to
> derbynet.jar, not add new ones. Here's the extract from the policy file
> for the network server tracing.
>
>   // tracing files - BUG DERBY-613 default location for tracing
>   // file is meant to be ${derby.system.home} but instead is ${user.dir}
>   // Changes DERBY-613 may require modifying this permission.
>   permission java.io.FilePermission "${user.dir}${/}*", "write";
>
> I think you need to change that to something like
>
>   // tracing files, default to derby.system.home
>   permission java.io.FilePermission "${derby.system.home}${/}*", "write";
>

I kept the permission for ${user.dir} because if derby.system.home is
not set, the default trace directory will be ${user.dir}. Test harness
always starts network server by setting derby.system.home. But if
there are tests which start network server as internal process and do
not set derby.system.home (like derbynet/testProperties.java),
${user.dir} will be used for tracing.

I have the following for derbynet.jar and classes directory:

//
// Permissions for the network server (derbynet.jar)
//
grant codeBase "${csinfo.codejar}derbynet.jar" {
  permission java.net.SocketPermission "127.0.0.1", "accept";
  permission java.net.SocketPermission "localhost", "accept";
  permission java.net.SocketPermission "${csinfo.serverhost}", "accept";
  permission java.net.SocketPermission "${csinfo.trustedhost}", "accept";

  // tracing files - BUG DERBY-613, DERBY-375 If ${derby.system.home} is set
  // default location for trace files will be ${derby.system.home}. If
it is not set,
  // default location will be ${user dir}.
  permission java.io.FilePermission "${user.dir}${/}*", "write";
  permission java.io.FilePermission "${derby.system.home}${/}*", "write";

  // BUG DERBY-622 derbynet/sysinfo.java
  permission java.io.FilePermission "${csinfo.codedir}${/}*", "read";

  // BUG DERBY-616 lang/wisconsin.sql & jdbcapi/maxfieldsize.java
  permission java.io.FilePermission
"${derby.system.home}${/}wombat${/}tmp${/}-", "read, write, delete";

  // BUG DERBY-623 - sane=true
  permission java.util.PropertyPermission "derby.monitor.verbose", "read";
  permission java.util.PropertyPermission "derby.debug.*", "read";

};

//
// super-set of the jar permissions for running out of the classes directory
//
grant codeBase "${csinfo.codeclasses}" {

  permission java.util.PropertyPermission "derby.*", "read";
  permission java.lang.RuntimePermission "createClassLoader";

  permission java.io.FilePermission
"${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission
"${derby.system.home}${/}derby.log", "read, write, delete";
  permission java.io.FilePermission "${derby.system.home}", "read";
  permission java.io.FilePermission "${derby.system.home}${/}-",
"read, write, delete";

  permission java.net.SocketPermission "127.0.0.1", "accept";
  permission java.net.SocketPermission "localhost", "accept";
  permission java.net.SocketPermission "${csinfo.serverhost}", "accept";
  permission java.net.SocketPermission "${csinfo.trustedhost}", "accept";

  // tracing files - BUG DERBY-613, DERBY-375 If ${derby.system.home} is set
  // default location for trace files will be ${derby.system.home}. If
it is not set,
  // default location will be ${user dir}.
  // write permission for ${derby.system.home} is covered above by the line
  // 'permission java.io.FilePermission "${derby.system.home}${/}-",
"read, write, delete";'
  permission java.io.FilePermission "${user.dir}${/}*", "write";

  // Import/export and other support files from these locations in tests
  permission java.io.FilePermission "${user.dir}${/}extin${/}*", "read";
  permission java.io.FilePermission "${user.dir}${/}extinout${/}*",
"read, write";
  permission java.io.FilePermission "${user.dir}${/}extout${/}*", "write";
};


Deepa

Mime
View raw message