db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: java.security.AccessControlException doing a file write
Date Fri, 15 Feb 2008 22:18:43 GMT
Hi Brad,

Writing a valid security policy file can be a bit tricky. I am not sure 
that you have identified the codebase of your jar file with a legal URL. 
I would expect to see some double slashes in the URL. The following kind 
of URL works for me:

grant codeBase "file:///opt/DerbyTrunk/jars/sane/derby.jar"
{
...


};

Hope this helps,
-Rick

bradm6406 wrote:
> Hi,
>
> I am trying to add a custom procedure to my Derby database that will backup
> the database and then zip the resulting backup folder.  I can call the
> procedure with no problems and it creates the database backup using a call
> to SYSCS_UTIL.SYSCS_BACKUP_DATABASE().  The problem comes when I try to zip
> the resulting folder.
>
> I took the zipping code from this URL:
> http://www.acm.org/crossroads/xrds6-3/ovp63.html and added the SimpleZip
> class to my package.  I then added the makeZip procedure to my database.  I
> can call the makeZip procedure with no problems so I know it is registered
> properly in Derby but I get an exception when the code tries to create the
> zip file on the hard drive.
>
> This is the error I am getting:
> java.sql.SQLException: The exception 'java.security.AccessControlException:
> access denied (java.io.FilePermission D:\derby_database\backups\20080215.zip
> write)' was thrown while evaluating an expression.
>
> I was assuming that I needed to add additional permissions to my policy
> file, so I added this:
>
> grant codeBase "file:${derby.system.home}${/}lib${/}DerbyHelpers.jar"
> {
>   permission java.io.FilePermission "${derby.system.home}${/}backups${/}-",
> "read,write,delete";
> };
>
> That didn't work.  I still got the same error.  So I decided to try creating
> a new policy file that gave all permissions to everything and see what
> happened.  My new policy file looks like this:
>
> // Give permissions to all of my Derby jar files, and my custom jar file
> grant codeBase "file:${derby.system.home}/lib/-" {
>   permission java.security.AllPermission;
> };
>
> // I have a copy of the Sun JRE in d:\derby\database\java\ that I am using,
> give all permissions to all of the java libraries
> grant codeBase "file:D:/derby_database/java/lib/-"{
>   permission java.security.AllPermission;
> };
>
>
> This still doesn't work.  Now I'm stumped.  I'm very new to Java and just
> struggling through it because we decided to use Derby for our program.  I
> would have thought that giving the FilePermissions to my custom jar file
> would have worked but it isn't.  Each time I made a change to the policy
> file I restarted the network server just to be sure that the new policy file
> has been reloaded.  I am 100% sure the policy file is being used because if
> I change it so that the wrapper.jar file doesn't have the needed permissions
> then I get errors when starting the service using the wrapper.
>
> If i call the makeZip function directly from Eclipse then it creates a zip
> file with no problems.  The error is only occurring when I am running the
> code from within Derby.
>
> Any suggestions?
>
>
> Thanks,
>
> Brad
>   


Mime
View raw message