db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Server tracing not allowed with default security manager policy file
Date Tue, 25 Sep 2007 17:34:08 GMT
Hi Kathey,

The change was not intentional. Right now, no file permissions are 
granted to derbynet.jar. I think you don't want to grant blanket write 
permission to derbynet.jar. You should be able to get away with granting 
derbynet.jar something narrow like the following:

permission java.io.FilePermission "${derby.drda.traceDirectory}", "write";

However, you will need to make sure that that property is properly 
defaulted as described in the Admin Guide. The defaulting needs to 
happen before NetworkServerControl installs a security manager.

Regards,
-Rick

Kathey Marsden wrote:
> I noticed that server side tracing, setting
> derby.drda.traceAll=true
> is not allowed with the default network server policy file.  Was this 
> an intentional change in behaviour or is it a bug?
>
> Thanks
>
> Kathey
>
>
> [C:/kmarsden/repro/DERBY-3085] java TestBlob
> Access denied (java.io.FilePermission Server1.trace write)
> java.security.AccessControlException: Access denied 
> (java.io.FilePermission Server1.trace write)
>        at 
> java.security.AccessController.checkPermission(AccessController.java:104)
>        at 
> java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
>        at java.lang.SecurityManager.checkWrite(SecurityManager.java:977)
>        at java.io.FileOutputStream.<init>(FileOutputStream.java:195)
>        at java.io.FileOutputStream.<init>(FileOutputStream.java:96)
>        at java.io.FileWriter.<init>(FileWriter.java:69)
>        at 
> org.apache.derby.impl.drda.DssTrace.startComBufferTrace(DssTrace.java:170) 
>
>        at org.apache.derby.impl.drda.Session.initTrace(Session.java:137)
>        at org.apache.derby.impl.drda.Session.initialize(Session.java:257)
>        at org.apache.derby.impl.drda.Session.<init>(Session.java:94)
>        at 
> org.apache.derby.impl.drda.NetworkServerControlImpl.addSession(NetworkServerControlImpl.java:3673)

>
>        at 
> org.apache.derby.impl.drda.ClientThread.run(ClientThread.java:80)
>
>


Mime
View raw message