db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bradm6406 <bradm6...@hotmail.com>
Subject Signed jar file loaded in DB
Date Wed, 27 Feb 2008 23:05:46 GMT

Hi,

I am having problems running code from within a signed jar file if the jar
file has been loaded into the database using sqlj.install_jar.

I have signed my jar file and if I add the jar file to my Java ClassPath
then the policy file below works just fine and I can run the code in my jar
file.  If I remove the jar file from my Java ClassPath and install the jar
into the database using sqlj.install_jar('my.jar', 'APP.myClass') and
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath',
'APP.myClass') then I get the error "The exception
'java.security.AccessControlException: access denied
(java.util.PropertyPermission derby.system.home read)' was thrown while
evaluating an expression." when trying to read the derby.system.home
property in code inside my jar file.

I am using the default security manager (java.security.manager="").

Here are the relevant pieces of my policy file.
------------------------------------------------------------
keystore "my.keystore";

grant signedBy "myalias" 
{
  permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.util.PropertyPermission "user.dir", "read";
};
------------------------------------------------------------

I tried setting the keystore value to "${derby.system.home}${/}my.keystore";
in case the problem was that Derby was unable to find my.keystore without
having the full path to it, but that didn't work.

I am using Derby 10.3.2.1 on a Windows XP Pro machine.

Any suggestions?


Thanks,

Brad
-- 
View this message in context: http://www.nabble.com/Signed-jar-file-loaded-in-DB-tp15725696p15725696.html
Sent from the Apache Derby Users mailing list archive at Nabble.com.


Mime
View raw message