db-derby-user mailing list archives

From "Paul Byford" <p_byf...@hotmail.com>
Subject Re: networkserver security manager issue
Date Mon, 07 Nov 2005 21:55:09 GMT
Dan,

Thanks for this, 10.1.2 resolved the issue; however, I had to tweak the policy file and add the following to my policy file:

    permission java.io.FilePermission "${derby.system.home}","read";

Without this entry I obtained the following exception:

    F:\Documents and Settings\paul byford>java -Djava.security.manager -Djava.security.policy=f:/derby10/policy/nwsvr.policy -Dderby.system.home=f:\derby10\system_directory org.apache.derby.drda.NetworkServerControl start
    java.security.AccessControlException: access denied (java.io.FilePermission f:\derby10\system_directory read)
            at java.security.AccessControlContext.checkPermission(Unknown Source)
            at java.security.AccessController.checkPermission(Unknown Source)
            at java.lang.SecurityManager.checkPermission(Unknown Source)
            at java.lang.SecurityManager.checkRead(Unknown Source)
            at java.io.File.exists(Unknown Source)
            at org.apache.derby.impl.services.monitor.FileMonitor.PBinitialize(Unknown Source)
            at org.apache.derby.impl.services.monitor.FileMonitor.run(Unknown Source)
            at java.security.AccessController.doPrivileged(Native Method)
            at org.apache.derby.impl.services.monitor.FileMonitor.initialize(Unknown Source)
            at org.apache.derby.impl.services.monitor.FileMonitor.<init>(Unknown Source)
            at org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Unknown Source)
            at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
            at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
            at org.apache.derby.impl.drda.NetworkServerControlImpl.getPropertyInfo(Unknown Source)
            at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
            at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

- My full policy file (which works) is:

    grant codeBase "file:f:/derby10/lib/-" {
    permission java.util.PropertyPermission "derby.*", "read";
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.io.FilePermission "${derby.system.home}${/}-","read, write, delete";
    permission java.io.FilePermission "${derby.system.home}","read";
    permission java.io.FilePermission "${user.dir}${/}-", "read, write, delete";
    permission java.lang.RuntimePermission "createClassLoader";
    };

    grant codeBase "file:f:/derby10/lib/-" {
    permission java.net.SocketPermission "localhost", "accept, connect, resolve";
    permission java.net.SocketPermission "127.0.0.1", "accept, connect, resolve";
    permission java.net.SocketPermission "localhost:*", "accept, connect, resolve";
    };

- My derby.system.home is set on the call to start the network server to:

    derby.system.home=f:\derby10\system_directory

- As I understood it, the following permission should make the additional one I had to set above redundant:

    permission java.io.FilePermission "${derby.system.home}${/}-","read, write, delete";

Any ideas why the additional permission is required? If this is not a quirk of my setup and it is required, it would be useful to add the additional entry to the example policy file in derbyadmin.pdf, page 32.

regards

paul

From: Daniel John Debrunner <djd@debrunners.com>
Reply-To: "Derby Discussion" <derby-user@db.apache.org>
To: Derby Discussion <derby-user@db.apache.org>
Subject: Re: networkserver security manager issue
Date: Mon, 07 Nov 2005 03:02:41 -0800

> Paul Byford wrote:
>
> > hi,
> > I would appreciate if anyone can help with the following issue. I am
> > attempting to run the derby network server with a security manager
> > policy. When I run without a policy everything works fine. It starts, I
> > can connect to databases, retrieve data etc. However when I attempt to
> > start with a policy I obtain an exception.
>
> This may be DERBY-626, which is fixed in the 10.1 branch and the trunk.
> Can you try with the 10.1.2 release candidate?
>
> http://people.apache.org/~kmarsden/
>
> Thanks,
> Dan.
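
Added example (not part of the original message and not Derby's own code): in `java.io.FilePermission`, a path ending in `${/}-` matches everything beneath the directory recursively but not the directory entry itself, so the `File.exists` check on `derby.system.home` seen in the stack trace needs its own `read` grant. The directory and file names below are constructed stand-ins for `derby.system.home` and its contents; nothing is read from disk.

```java
import java.io.File;
import java.io.FilePermission;

public class FilePermissionScope {

    // True when a grant of `actions` on `grantPath` covers `action` on `target`.
    static boolean covers(String grantPath, String actions, String target, String action) {
        return new FilePermission(grantPath, actions)
                .implies(new FilePermission(target, action));
    }

    public static void main(String[] args) {
        String sep = File.separator;
        // Constructed stand-in for ${derby.system.home}.
        String home = sep + "derby10" + sep + "system_directory";

        // Equivalent of "${derby.system.home}${/}-" in the policy file.
        String recursive = home + sep + "-";
        // Constructed paths: one below the system home, one outside it.
        String nested = home + sep + "db1" + sep + "service.properties";
        String outside = sep + "derby10" + sep + "policy" + sep + "nwsvr.policy";

        String[][] checks = {
            // { label, grant path, granted actions, target path, requested action }
            {"recursive grant, file below home", recursive, "read,write,delete", nested, "read"},
            {"recursive grant, home itself", recursive, "read,write,delete", home, "read"},
            {"exact grant, read home itself", home, "read", home, "read"},
            {"exact grant, write home itself", home, "read", home, "write"},
            {"recursive grant, path outside home", recursive, "read,write,delete", outside, "read"},
        };
        for (String[] c : checks) {
            System.out.printf("%-36s -> %s%n", c[0],
                    covers(c[1], c[2], c[3], c[4]) ? "allowed" : "denied");
        }
    }
}
```

The "recursive grant, home itself" row reproduces the denial in the trace, and the exact-path `read` grant closes it without extending write or delete to the directory entry.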

