db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6438) Explicitly grant SocketPermission "listen" in default server policy
Date Mon, 24 Feb 2014 13:16:20 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13910278#comment-13910278

Rick Hillegas commented on DERBY-6438:

Hi Daniel,

The url which worked for Kim pointed at a directory which contains the Derby jars: file:///c:/jars/1010jars/
. It looks to me as though your url is pointing at the directory above the jar directory.


...instead of


The derby.system.home variable will be set by the Derby network server before it installs
a security manager. The other variable, derby.drda.traceDirectory is not automatically set;
but you only need to set it if you are tracing a network protocol handshake.

If you need to downgrade your java version, 7u45 should work.

If this is just a problem you're experiencing in development, you can turn off the security
manager by setting the -noSecurityManager flag as described here: http://db.apache.org/derby/docs/10.10/adminguide/tadminnetservopen.html

Hope this helps,

> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions:
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For:,,,,,,
>         Attachments: 1010_server.policy, 1010_server.policy, 1010_server.policy, 1010_server.policy,
d6438-1a.diff, releaseNote.html, releaseNote.html
> The network server needs SocketPermission "listen" on the port that it listens to, but
this permission is not granted by the basic server policy that's installed by default. This
doesn't cause any problems in most cases, since the JVM's default policy grants all code bases
SocketPermission "listen" on a range of ports, and Derby's network server port is within that
> Still, the network server should not rely on this fact. It is possible to run the network
server on any port, not only those ports that happen be in the range that's given carte blanche
by the platform's default policy. The network server will however not be able to run on those
ports with the basic policy currently, only with a custom policy or with the security manager
> The default policy should make this permission explicit.

This message was sent by Atlassian JIRA

View raw message