db-derby-user mailing list archives

From bradm6406 <bradm6...@hotmail.com>
Subject Re: Signed jar file loaded in DB
Date Wed, 27 Feb 2008 23:55:19 GMT



Daniel John Debrunner-2 wrote:
> 
> bradm6406 wrote:
>> Hi,
>> 
>> I am having problems running code from within a signed jar file if the jar
>> file has been loaded into the database using sqlj.install_jar.
>> 
>> I have signed my jar file and if I add the jar file to my Java ClassPath
>> then the policy file below works just fine and I can run the code in my jar
>> file.  If I remove the jar file from my Java ClassPath and install the jar
>> into the database using sqlj.install_jar('my.jar', 'APP.myClass') and
>> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath',
>> 'APP.myClass') then I get the error "The exception
>> 'java.security.AccessControlException: access denied
>> (java.util.PropertyPermission derby.system.home read)' was thrown while
>> evaluating an expression." when trying to read the derby.system.home
>> property in code inside my jar file.
>> 
>> I am using the default security manager (java.security.manager="").
>> 
>> Here are the relevant pieces of my policy file.
>> ------------------------------------------------------------
>> keystore "my.keystore";
>> 
>> grant signedBy "myalias" 
>> {
>>   permission java.io.FilePermission "${derby.system.home}${/}-",
>> "read,write,delete";
>>   permission java.util.PropertyPermission "derby.*", "read";
>>   permission java.lang.RuntimePermission "loadLibrary.*";
>>   permission java.util.PropertyPermission "user.dir", "read";
>> };
>> ------------------------------------------------------------
>> 
>> I tried setting the keystore value to "${derby.system.home}${/}my.keystore";
>> in case the problem was that Derby was unable to find my.keystore without
>> having the full path to it, but that didn't work.
>> 
>> I am using Derby 10.3.2.1 on a Windows XP Pro machine.
>> 
>> Any suggestions?
> 
> Can you share the stack trace?
> 
> The only thing I can think of is you are not getting the system property 
> in a privileged block, but then that should also fail if the jar is on 
> the classpath. (assuming this is being called in both cases from a SQL 
> procedure or function implemented in Java).
> 
> Dan.
> 
> 


Oh, I forgot to mention that I am calling the code from a SQL procedure in
both cases.  The only difference between the case that works and the case
that doesn't is whether I have the jar file in the Java classpath (works),
or loaded into the database (fails).


Brad
-- 
View this message in context: http://www.nabble.com/Signed-jar-file-loaded-in-DB-tp15725696p15726103.html
Sent from the Apache Derby Users mailing list archive at Nabble.com.
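
A diagnostic for the situation discussed in this thread, added here as an example and not code from either poster or from the Derby project: it reports which code source and signer certificates the class was loaded with, whether that domain is granted the property read from the error message, and the result of reading the property inside the privileged block Dan mentions. The class name `PolicyProbe` and the method `describe()` are hypothetical; the only values taken from the thread are the `derby.system.home` property and its `read` permission.

```java
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.PropertyPermission;

// Hypothetical diagnostic class, not from the thread. Expose describe() as a
// SQL function, then call it with the jar on the classpath and again with the
// jar installed in the database, and compare the two strings.
public class PolicyProbe {
    public static String describe() {
        StringBuilder out = new StringBuilder();
        try {
            // Needs RuntimePermission "getProtectionDomain" when a security
            // manager is installed; otherwise the catch below reports it.
            ProtectionDomain pd = PolicyProbe.class.getProtectionDomain();
            CodeSource cs = pd.getCodeSource();
            out.append("location=").append(cs == null ? null : cs.getLocation());
            // "grant signedBy" can only match a CodeSource that carries certificates.
            Certificate[] certs = (cs == null) ? null : cs.getCertificates();
            if (certs == null || certs.length == 0) {
                out.append("; signers=none");
            } else {
                for (Certificate c : certs) {
                    out.append("; signer=").append(c instanceof X509Certificate
                            ? ((X509Certificate) c).getSubjectX500Principal().getName()
                            : c.getType());
                }
            }
            out.append("; domainGrantsRead=").append(
                    pd.implies(new PropertyPermission("derby.system.home", "read")));
        } catch (SecurityException e) {
            out.append("domain=unavailable (").append(e.getMessage()).append(')');
        }
        try {
            // Privileged block: the permission check stops at this frame, so
            // the domains of the code that called describe() are not consulted.
            String home = AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() { return System.getProperty("derby.system.home"); }
            });
            out.append("; privilegedRead=ok value=").append(home);
        } catch (SecurityException e) {
            out.append("; privilegedRead=denied (").append(e.getMessage()).append(')');
        }
        return out.toString();
    }

    public static void main(String[] args) { System.out.println(describe()); }
}
```

If the two runs differ in `location` or `signers`, the `grant signedBy "myalias"` entry is being matched against a different code source in the installed-jar case than in the classpath case.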

