Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 63518 invoked from network); 5 May 2006 14:25:54 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 5 May 2006 14:25:54 -0000 Received: (qmail 87518 invoked by uid 500); 5 May 2006 14:25:38 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 87450 invoked by uid 500); 5 May 2006 14:25:38 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 87423 invoked by uid 99); 5 May 2006 14:25:38 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 May 2006 07:25:38 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [192.18.1.36] (HELO gmpea-pix-1.sun.com) (192.18.1.36) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 05 May 2006 07:25:36 -0700 Received: from d1-emea-10.sun.com ([192.18.2.120]) by gmpea-pix-1.sun.com (8.12.9/8.12.9) with ESMTP id k45EPFOO026670 for ; Fri, 5 May 2006 15:25:15 +0100 (BST) Received: from conversion-daemon.d1-emea-10.sun.com by d1-emea-10.sun.com (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) id <0IYS00E01QLWRM00@d1-emea-10.sun.com> (original mail from Vemund.Ostgaard@Sun.COM) for derby-dev@db.apache.org; Fri, 05 May 2006 15:25:15 +0100 (BST) Received: from [129.159.112.244] by d1-emea-10.sun.com (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) with ESMTPSA id <0IYS004OSQQ1SI40@d1-emea-10.sun.com> for derby-dev@db.apache.org; Fri, 05 May 2006 15:25:15 +0100 (BST) Date: Fri, 05 May 2006 16:25:13 +0200 From: Vemund Ostgaard Subject: Re: [jira] Commented: (DERBY-1229) sysinfo and sysinfo_withproperties.java fail with java.lang.RuntimePermission getProtectionDomain when db2jcc.jar is in same dir as the derby-jars In-reply-to: <29433026.1146815118551.JavaMail.jira@brutus> Sender: Vemund.Ostgaard@Sun.COM To: derby-dev@db.apache.org Message-id: <445B6049.50900@sun.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=UTF-8 Content-transfer-encoding: QUOTED-PRINTABLE X-Accept-Language: en-us, en References: <29433026.1146815118551.JavaMail.jira@brutus> User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.7.12) Gecko/20050927 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Andrew McIntyre (JIRA) wrote: > [ http://issues.apache.org/jira/browse/DERBY-1229?page=3Dcomment= s#action_12377975 ]=20 > >Andrew McIntyre commented on DERBY-1229: >---------------------------------------- > >Hi Bryan, if you have some time, please take a look at the patch I a= ttached to DERBY-1273, the derby-1273-v2.diff patch. With that patch = I attempted to get around the need to have the getProtectionDomain pe= rmission at all. I still think that your patch for this issue, which = improves the output of the security exceptions on items in the classp= ath to which access has been restricted, is valuable and should be co= mmitted. But my patch attached to DERBY-1273 handles the getProtectio= nDomain issue in a different way. > >I was prompted to investigate removing the need for the getProtectio= nDomain permission due to Kathey's concerns. I'm not sure I've tested= all of the many scenarios of classloader/environment/securitymanager= /sysinfo-argument execution paths that are possible, and I'm hoping t= hat with a couple more eyes on it we can ensure that we get the maxim= um useful information out of sysinfo with the fewest possible permiss= ions granted to it. > =20 > One thing that confused me with the original problem was that I got a= n=20 exception for db2jcc.jar but not for db2jcc_license_c.jar. When I loo= ked=20 at the code I discovered that they were treated differently. If you a= re=20 replacing the way getProtectionDomain().getCodeSource() is used to fi= nd=20 where db2jcc.jar is, it might be an idea to use the same procedure to= =20 find the location of all these jars to get consistent results. Vemund > =20 > >>sysinfo and sysinfo_withproperties.java fail with java.lang.Runtime= Permission getProtectionDomain when db2jcc.jar is in same dir as the = derby-jars >>-------------------------------------------------------------------= ---------------------------------------------------------------------= ---------- >> >> Key: DERBY-1229 >> URL: http://issues.apache.org/jira/browse/DERBY-1229 >> Project: Derby >> Type: Test >> =20 >> > > =20 > >> Components: Security, Test, Tools >> Versions: 10.2.0.0 >> Environment: Solaris 10 x86 >>Sun JDK=20 >>java version "1.5.0_06" >>Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b0= 5) >>Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing= ) >> Reporter: Vemund =C3=98stgaard >> Assignee: Bryan Pendleton >> Priority: Minor >> Attachments: derby-1229.diff, notes.html >> >>The problem I've been seeing is that if I run: >>java -Dframework=3DDerbyNetClient org.apache.derbyTesting.functionT= ests.harness.RunTest derbynet/sysinfo.java >>in a configuration where my db2jcc.jar is located in the same direc= tory as all the other derby-jars, then the test fails with a diff cau= sed by a RuntimeException. If I change nothing else then moving that = db2jcc.jar out of that directory (and making the appropriate classpat= h change) then the test succeeds. >>The reason is that the test fails to get the permission for doing g= etProtectionDomain().getCodeSource() on class com.ibm.db2.jcc.DB2Driv= er. Below follows relevant output from my system that might be useful= to debug this: >>--- >>vo136787@khepri32:~/tmp/test> env |grep CLAS CLASSPATH=3D/home/vo13= 6787/derby/tmp/testbuild/lib/derby.jar:/home/vo136787/derby/tmp/testb= uild/lib/derbyTesting.jar:/home/vo136787/derby/tmp/testbuild/lib/derb= ytools.jar:/home/vo136787/derby/tmp/testbuild/lib/derbynet.jar:/home/= vo136787/derby/tmp/testbuild/lib/derbyclient.jar:/home/vo136787/derby= /tmp/testbuild/lib/derbyrun.jar:/home/vo136787/derby/tmp/testbuild/li= b/junit.jar:/home/vo136787/derby/tmp/testbuild/lib/db2jcc.jar:/home/v= o136787/derby/tmp/testbuild/lib/db2jcc_license_c.jar:/home/vo136787/d= erby/tmp/testbuild/lib/jakarta-oro-2.0.8.jar:/home/vo136787/derby/tmp= /testbuild/lib/derbyLocale_de_DE.jar:/home/vo136787/derby/tmp/testbui= ld/lib/derbyLocale_es.jar:/home/vo136787/derby/tmp/testbuild/lib/derb= yLocale_fr.jar:/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_it.= jar:/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_ja_JP.jar:/hom= e/vo136787/derby/tmp/testbuild/lib/derbyLocale_ko_KR.jar:/home/vo1367= 87/derby/tmp/testbuild/lib/derbyLocale_pt_BR.jar:/home/vo136787/derby= /tmp/testbuild/lib/derbyLocale_zh_CN.jar:/home/vo136787/derby/tmp/tes= tbuild/lib/derbyLocale_zh_TW.jar >>vo136787@khepri32:~/tmp/test> java -Dframework=3DDerbyNetClient org= .apache.derbyTesting.functionTests.harness.RunTest derbynet/sysinfo.j= ava >>*** Start: sysinfo jdk1.5.0_06 DerbyNetClient 2006-04-19 13:00:33 *= ** >>Initialize for framework: DerbyNetClient >>java -Dderby.system.home=3D/home/vo136787/tmp/test/DerbyNetClient/s= ysinfo -Djava.security.manager -Djava.security.policy=3D/home/vo13678= 7/tmp/test/derby_tests.policy -DderbyTesting.codejar=3Dfile:/home/vo1= 36787/derby/tmp/testbuild/lib/ -DderbyTesting.codedir=3D/home/vo13678= 7/derby/tmp/testbuild/lib -DderbyTesting.serverhost=3Dlocalhost -Dder= byTesting.clienthost=3Dlocalhost -DderbyTesting.codeclasses=3Dfile://= unused/ org.apache.derby.drda.NetworkServerControl start >>-- SecurityManager not installed -- >>Attempt to shutdown framework: DerbyNetClient >>14a15 >> =20 >> >>>[Unable to access Protection Domain or Code Source for class class= com.ibm.db2.jcc.DB2Driver: access denied (java.lang.RuntimePermissio= n getProtectionDomain)] 2.4 - (17) >>> =20 >>> >>41a43 >> =20 >> >>>[Unable to access Protection Domain or Code Source for class class= com.ibm.db2.jcc.DB2Driver: access denied (java.lang.RuntimePermissio= n getProtectionDomain)] 2.4 - (17) >>> =20 >>> >>69a72 >> =20 >> >>>[Unable to access Protection Domain or Code Source for class class= com.ibm.db2.jcc.DB2Driver: access denied (java.lang.RuntimePermissio= n getProtectionDomain)] 2.4 - (17) >>> =20 >>> >>Test Failed. >>*** End: sysinfo jdk1.5.0_06 DerbyNetClient 2006-04-19 13:00:40 *= ** >>vo136787@khepri32:~/tmp/test> java org.apache.derby.tools.sysinfo >>------------------ Java Information ------------------ >>Java Version: 1.5.0_06 >>Java Vendor: Sun Microsystems Inc. >>Java home: /usr/jdk/instances/jdk1.5.0/jre >>Java classpath: /home/vo136787/derby/tmp/testbuild/lib/derby.jar:/= home/vo136787/derby/tmp/testbuild/lib/derbyTesting.jar:/home/vo136787= /derby/tmp/testbuild/lib/derbytools.jar:/home/vo136787/derby/tmp/test= build/lib/derbynet.jar:/home/vo136787/derby/tmp/testbuild/lib/derbycl= ient.jar:/home/vo136787/derby/tmp/testbuild/lib/derbyrun.jar:/home/vo= 136787/derby/tmp/testbuild/lib/junit.jar:/home/vo136787/derby/tmp/tes= tbuild/lib/db2jcc.jar:/home/vo136787/derby/tmp/testbuild/lib/db2jcc_l= icense_c.jar:/home/vo136787/derby/tmp/testbuild/lib/jakarta-oro-2.0.8= .jar:/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_de_DE.jar:/ho= me/vo136787/derby/tmp/testbuild/lib/derbyLocale_es.jar:/home/vo136787= /derby/tmp/testbuild/lib/derbyLocale_fr.jar:/home/vo136787/derby/tmp/= testbuild/lib/derbyLocale_it.jar:/home/vo136787/derby/tmp/testbuild/l= ib/derbyLocale_ja_JP.jar:/home/vo136787/derby/tmp/testbuild/lib/derby= Locale_ko_KR.jar:/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_p= t_BR.jar:/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_zh_CN.jar= :/home/vo136787/derby/tmp/testbuild/lib/derbyLocale_zh_TW.jar >>OS name: SunOS >>OS architecture: x86 >>OS version: 5.10 >>Java user name: vo136787 >>Java user home: /home/vo136787 >>Java user dir: /home/vo136787/tmp/test >>java.specification.name: Java Platform API Specification >>java.specification.version: 1.5 >>--------- Derby Information -------- >>JRE - JDBC: J2SE 5.0 - JDBC 3.0 >>[/home/vo136787/derby/tmp/testbuild/lib/derby.jar] 10.2.0.0 alpha -= (394991) >>[/home/vo136787/derby/tmp/testbuild/lib/derbytools.jar] 10.2.0.0 al= pha - (394991) >>[/home/vo136787/derby/tmp/testbuild/lib/derbynet.jar] 10.2.0.0 alph= a - (394991) >>[/home/vo136787/derby/tmp/testbuild/lib/derbyclient.jar] 10.2.0.0 a= lpha - (394991) >>[/home/vo136787/derby/tmp/testbuild/lib/db2jcc.jar] 2.4 - (17) >>[/home/vo136787/derby/tmp/testbuild/lib/db2jcc_license_c.jar] 2.4 -= (17) >>------------------------------------------------------ >>----------------- Locale Information ----------------- >>Current Locale : [English/United States [en_US]] >>Found support for locale: [de_DE] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [es] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [fr] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [it] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [ja_JP] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [ko_KR] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [pt_BR] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [zh_CN] >> version: 10.2.0.0 alpha - (394991) >>Found support for locale: [zh_TW] >> version: 10.2.0.0 alpha - (394991) >>------------------------------------------------------ >>vo136787@khepri32:~/tmp/test> java org.apache.derby.tools.sysinfo -= cp >>Testing for presence of all Derby-related libraries; typically, onl= y some are needed. >>For a list of possible arguments, type java org.apache.derby.tools.= sysinfo -cp args >>FOUND IN CLASS PATH: >> Derby embedded engine library (derby.jar) >> /home/vo136787/derby/tmp/testbuild/lib/derby.jar >> Derby embedded engine library (derby.jar) >> /home/vo136787/derby/tmp/testbuild/lib/derby.jar >> Derby Network Server library (derbynet.jar) >> /home/vo136787/derby/tmp/testbuild/lib/derbynet.jar >> Derby Client libraries (db2jcc.jar) >> /home/vo136787/derby/tmp/testbuild/lib/db2jcc.jar >> Derby Client libraries (derbyclient.jar) >> /home/vo136787/derby/tmp/testbuild/lib/derbyclient.jar >>NOT FOUND IN CLASS PATH: >> Derby tools library (derbytools.jar) >> (org.apache.derby.tools.ij not found.) >> =20 >> > > =20 >