db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren" <m.v.lunte...@gmail.com>
Subject AccessControlException on log/logmirror.ctrl after bouncing server...
Date Thu, 27 Jul 2006 02:43:11 GMT
Hi,

I ran into the following interesting situation with permissions
granted as per derby_tests.policy, and I'm hoping someone can answer
my questions:
 - start networkserver with derby_tests.policy as described in the
remote server testing section of the java/testing/README.htm, but with
-h <srvhostname>
 - start an ij session, connect to the server creating a database
 - disconnect, exit ij, shutdown networkserver
so far ok
 - start networkserver again just like before
 - start ij again just like before, connect to the same database again
results in:
ERROR XJ040: DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ040, SQLERRMC:
Failed to start database 'bladb', see the next exception for
details.::SQLSTATE: XJ001Java exception: 'access denied
(java.io.FilePermission
/home/myrna/tsttmp5/srv/bladb/log/logmirror.ctrl read):
java.security.AccessControlException'.

One can dis- and reconnect fine as long as the network server is up,
but once it has been bounced, reconnect fails.

derby.log shows no stack trace, even though the following properties
are set in derby.properties in derby.system.home:
derby.infolog.append=true
derby.language.logStatementText=true
derby.stream.error.logSeverityLevel=0
------------------
...
2006-07-26 23:49:38.402 GMT Thread[DRDAConnThread_3,5,main] (DATABASE
= bladb), (DRDAID = {1}), Failed to start database 'bladb', see the
next exception for details.
2006-07-26 23:49:38.404 GMT Thread[DRDAConnThread_3,5,main] (DATABASE
= bladb), (DRDAID = {1}), Java exception: 'access denied
(java.io.FilePermission
/home/myrna/tsttmp5/srv/bladb/log/logmirror.ctrl read):
java.security.AccessControlException'.
----------------

The error goes away when I add the following permissions to derbynet.jar:
  // all databases under derby.system.home
  permission java.io.FilePermission "${derby.system.home}${/}-",
"read, write, delete";

Now here are my ponderables:
- why does derbynet.jar need to have this permission, isn't it
sufficient for derby.jar to have them (derby.jar has these permissions
already).
- why are these permissions only required after bouncing the server?
- is this situation not tested anywhere? i.e. not one networkserver test
  that bounces the server and reconnects to the same database?
- what can I do to get a stack trace?
- is it ok to add this permission to derby_tests.policy?

Thx,
Myrna

Mime
View raw message