db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@debrunners.com>
Subject Re: networkserver security manager issue
Date Tue, 08 Nov 2005 06:28:36 GMT
Paul Byford wrote:

> Dan,
> 
> Thanks for this, 10.1.2 resolved the issue, however I had to tweak the
> policy file and add the following to my pollicy file;
> 
> permission java.io.FilePermission "${derby.system.home}","read";

[snip]

> - as i understood the following permisssion should make the additional
> one i had to set above redundant;
> 
>  permission java.io.FilePermission "${derby.system.home}${/}-","read,
> write, delete";
> 
> any ideas why the addtional permission is required? if this is not a
> quick of my setup and it is required it would be useful to add the
> additional entry to the example policy file in derbyadmin.pdf page32

I've seen that before, the Java documentation seems to imply the file
path ${derby.system.home}${/}- includes the directory ${derby.system.home}.

Quote from 1.4 docs

'A pathname that ends with "/-" indicates a directory and (recursively)
all files and subdirectories contained in that directory.'

However, when running under the security manager it seems that is not
the case. I just found this bug at Sun:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4261298

It states

'This not a bug. The user is not parsing the document correctly. When a
path is trailed with "/-" it means that the elemet preceding it is a
directory and that grants are for all elements below it. It does not
state that you can read the directory itself.'

So, I guess the examples do need to be updated.
Dan.


Mime
View raw message