db-derby-dev mailing list archives

From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-857) LDAP user authentication fails under a security manager
Date Tue, 16 Oct 2007 12:57:32 GMT

    [ https://issues.apache.org/jira/browse/DERBY-857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535243 ]

Kathey Marsden commented on DERBY-857:
--------------------------------------

This is the offending code in LDAPAuthenticationSchemeImpl. It is only an issue for a sane
build and only with the property derby.debug.true=AuthenticationTrace set, which is probably
why it hasn't come up on the user list.

Interestingly, nothing shows up in this file, for successful or unsuccessful connections, and
com.sun.naming.ldap.trace.ber, I think, is not portable. Lastly, the name of the file
CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug doesn't reproduce.
2) Remove the code altogether since it is not portable/working.
3) Find some portable way to invoke LDAP tracing. Suggestions welcome.

if (SanityManager.DEBUG)
{
    if (SanityManager.DEBUG_ON(
            AuthenticationServiceBase.AuthenticationTrace)) {
        try {
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                    new java.io.FileOutputStream("CloudLDAP.out"));
        } catch (java.io.IOException ie) {}
    }
}


> LDAP user authentication fails under a security manager
> -------------------------------------------------------
>
>                 Key: DERBY-857
>                 URL: https://issues.apache.org/jira/browse/DERBY-857
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.2.1.6
>            Reporter: Daniel John Debrunner
>            Assignee: Kathey Marsden
>
> Running the test jdbcapi/secureUsers1.sql with a security manager results in:
> > ERROR 08004: Connection refused : javax.naming.CommunicationException: noSuchMachine:389 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission noSuchMachine resolve)]
> Adding this permission to the policy file has no effect, which means a priv block is required around the LDAP call.
> permission java.net.SocketPermission "noSuchMachine", "resolve";

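The "priv block" named in option 1 above and in the issue description, sketched as an added example that is not Derby source and not part of the original message: the file open runs inside `AccessController.doPrivileged`, so the permission check stops at this class's protection domain instead of also requiring the permission of every caller on the stack. The class name, method names and trace file name are hypothetical; only the `com.sun.naming.ldap.trace.ber` key comes from the message.

```java
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;

// Added illustration, not Derby source. All names here are hypothetical.
public class LdapTracePrivBlock {

    // Opens the trace file inside a privileged block. With a security manager
    // installed, only this class's code source needs
    //   permission java.io.FilePermission "<traceFile>", "write";
    // Callers further up the stack are not consulted.
    static OutputStream openTraceStream(final String traceFile)
            throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<OutputStream>() {
                    public OutputStream run() throws FileNotFoundException {
                        // Keep the privileged scope to the single sensitive call.
                        return new FileOutputStream(traceFile);
                    }
                });
        } catch (PrivilegedActionException pae) {
            // run() declares only FileNotFoundException, so this cast is safe.
            throw (FileNotFoundException) pae.getException();
        }
    }

    // Puts the trace stream into a JNDI environment table (hypothetical helper).
    static void enableBerTrace(Hashtable<String, Object> env, String traceFile) {
        try {
            env.put("com.sun.naming.ldap.trace.ber", openTraceStream(traceFile));
        } catch (FileNotFoundException e) {
            // Report a bad path instead of swallowing it. A SecurityException
            // (policy does not grant the permission) is unchecked and propagates.
            System.err.println("LDAP BER trace disabled: " + e);
        }
    }

    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        enableBerTrace(env, "ldap-ber-trace.out"); // constructed file name
        System.out.println("trace enabled: "
                + env.containsKey("com.sun.naming.ldap.trace.ber"));
    }
}
```

On JDK 17 and later `AccessController` is deprecated for removal, so this compiles with a deprecation warning.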