db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2963) AccessControlException: Access denied java.net.SocketPermission <client ip> accept,resolve
Date Mon, 23 Jul 2007 14:47:31 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514645

Dag H. Wanvik commented on DERBY-2963:

I also see the issue regardless of whether derbyrun.jar is used or not.

It seems the default policy file installed intentionally does *not*
open access to remote clients. I am not sure, but I seem to remember
this being discussed (DERBY-2196) and found to be acceptable? However,
the release notes do not indicate this, which would seem to indicate
it is not the intended behavior, in which case it is a bug, not a

Changing this line in server.policy:

  permission java.net.SocketPermission "${derby.security.host}", "accept"; 


  permission java.net.SocketPermission "*", "accept"; 

lets me connect from any host to the interface name given in -h option.

> AccessControlException: Access denied java.net.SocketPermission <client ip> accept,resolve
> ------------------------------------------------------------------------------------------
>                 Key: DERBY-2963
>                 URL: https://issues.apache.org/jira/browse/DERBY-2963
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions:
>         Environment: SuseLinux 10
> IBM JVM 1.5
>            Reporter: Daniel John Debrunner
>            Priority: Blocker
> I start the server using an ipv4 address
> java derbyrun.jar server start -h x.x.x.x
> Then I connect from a remote client  and hit an AccessControlException
> The ip in the exception is that of the *client*, not the server.
> This setup works in
> Same problem if the hostname is in derby.properties
> Problem can be worked around by using -noSecurityManager when starting the server

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message