db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-1273) Sysinfo should print a better message when it gets Security Exceptions accessing classpath info when run under security manager
Date Fri, 05 May 2006 14:16:28 GMT
    [ http://issues.apache.org/jira/browse/DERBY-1273?page=comments#action_12378043 ] 

Bryan Pendleton commented on DERBY-1273:

Hi Andrew. I'm comfortable with the use of Class.getResource() for this. That was actually
the first solution that we tried for DERBY-668, and I agree that it appears to work well.

I also agree with you that the messages in the "-cp" variant are somewhat misleading, but
it doesn't seem a killer to me.

I do think it's worth spending a bit of time re-visiting the discussion that was held for
DERBY-668 and DERBY-930, though, because we seem to be going right back down the same path,
and we don't want to just thrash back and forth. If nothing else, can you re-read those mail
threads and comments and refresh your memory about how we got from getResource() to getProtectionDomain()
in the first place? 

I think that the current statement of things is something like:
 - getProtectionDomain is a useful call, but it requires too many permissions under a SecurityManager,
so for the purposes of SysInfo, which merely wants to report on the actual location from which
an already-loaded class was loaded, we feel that getResource is a superior technique.

How does that sound?

> Sysinfo should print a better  message when it gets Security Exceptions accessing classpath
info when run under security manager
> --------------------------------------------------------------------------------------------------------------------------------
>          Key: DERBY-1273
>          URL: http://issues.apache.org/jira/browse/DERBY-1273
>      Project: Derby
>         Type: Improvement

>   Components: Tools
>     Versions:
>     Reporter: Kathey Marsden
>     Priority: Minor
>  Attachments: DERBY-1273.diff, derby-1273-v2.diff
> If sysinfo does not have getProtectionDomain privileges it cannot get some information
during classpath handling.  
> When this occurs it prints   Java Security Exceptions in the output e.g.
> JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
> [C:\bryan\src\derby\main\trunk\jars\sane\derby.jar] alpha - (398049M)
> [C:\bryan\src\derby\main\trunk\jars\sane\derbytools.jar] alpha - (398049M)
> [C:\bryan\src\derby\main\trunk\jars\sane\derbynet.jar] alpha - (398049M)
> [C:\bryan\src\derby\main\trunk\jars\sane\derbyclient.jar] alpha - (398049M)
> [Unable to access Protection Domain or Code Source for class class com.ibm.db2.jcc.DB2Driver:
access denied (java.lang.RuntimePermission getProtectionDomain)] 2.4 - (17)
> [C:\bryan\src\derby\main\trunk\jars\sane\db2jcc_license_c.jar] 2.4 - (17)
> [Java Security Exception: access denied (java.io.FilePermission c:\bryan\src\derby\main\trunk\tools\java\jakarta-oro-2.0.8.jar
> [Java Security Exception: access denied (java.io.FilePermission c:\bryan\src\derby\main\trunk\tools\java\junit.jar
> See DERBY-1229 notes.html for a complete explanation of the output.
> I am actually not sure what information is actually missing from sysinfo in this case
but  I  think it would be better if sysinfo just printed the classpath  and then printed a
generic warning with the information that it was not able to report rather than printing the
Security exceptions explicitly.
> This would be especially helpful for NetworkServerControl sysinfo because users are always
encouraged to run network server in security manager.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message