db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Derby on Ipv6
Date Tue, 26 Jun 2007 14:47:07 GMT
Manjula Kutty wrote:
>
> Hi
>  
> While running tests on Ipv6 machines using the 10.3 jars with the 
> default security manager, I had the following findings/questions
> I started the server like this java 
> org.apache.derby.drda.NetworkServerControl start -h 
> 2002:92a:8f7a:13:9:42:74:19
> and the server started with the following command
> Security manager installed using the Basic server security policy.
> Apache Derby Network Server - 10.3.1.0 <http://10.3.1.0> beta - 
> (548006) started and ready to accept connections on port 1527 at 
> 2007-06-25 23:44: 36.835 GMT
>  
> So I think the server is using the default security manager. Then when 
> I tried to get conenction though ij
>  
> got the following error message
> Access denied (java.net.SocketPermission 
> [2002:92a:8f7a:13:9:42:73:218]:34016 accept,resolve)
> java.security.AccessControlException: Access denied 
> (java.net.SocketPermission [2002:92a:8f7a:13:9:42:73:218]:34016 
> accept,resolve)
>         at 
> java.security.AccessController.checkPermission(AccessController.java:104)
>         at 
> java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>         at java.lang.SecurityManager.checkAccept 
> (SecurityManager.java:1172)
>         at java.net.ServerSocket.implAccept(ServerSocket.java:466)
>         at java.net.ServerSocket.accept(ServerSocket.java:433)
>         at org.apache.derby.impl.drda.ClientThread$1.run (Unknown Source)
>         at 
> java.security.AccessController.doPrivileged(AccessController.java:242)
>         at org.apache.derby.impl.drda.ClientThread.run(Unknown Source)
>  
> I had the derby.properties file like this
>  
>
> derby.database.sqlAuthorization=true
> derby.connection.requireAuthentication=true
> derby.infolog.append=true
> derby.authentication.provider=BUILTIN
> derby.stream.error.logSeverityLevel=0
>
> #derby.language.logStatementText=true
>
> # User's Definitions
> derby.user.user2=pass2
>
>
>  
>
>
> So now my question is , do I have to edit the default policy file???
>  
> If so , then we can not say it as a default security manager...
>  
> Please clarify...
>  
> Thanks,
> Manjula.
Hi Manjula,

Thanks for test-driving this on ipv6. The machines handy to me are all 
ipv4 so I can't reproduce your experiment yet. However, it seems to me 
that, given your command line, the default policy file is going to grant 
derbynet.jar accept permission on localhost:*. On an ipv6 machine this 
may not be a legal address.  Could you try bringing up the server with a 
customized policy file with the following grant and see if you can connect?

grant codeBase "${derby.install.url}derbynet.jar"
{
//
// This permission lets the Network Server manage connections from clients.
//
  permission java.net.SocketPermission "*", "accept";
};

Thanks,
-Rick


Mime
View raw message