db-derby-user mailing list archives

From Daniel John Debrunner <...@apache.org>
Subject Re: Signed jar file loaded in DB
Date Wed, 27 Feb 2008 23:10:16 GMT
bradm6406 wrote:
> Hi,
> 
> I am having problems running code from within a signed jar file if the jar
> file has been loaded into the database using sqlj.install_jar.
> 
> I have signed my jar file and if I add the jar file to my Java ClassPath
> then the policy file below works just fine and I can run the code in my jar
> file.  If I remove the jar file from my Java ClassPath and install the jar
> into the database using sqlj.install_jar('my.jar', 'APP.myClass') and
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath',
> 'APP.myClass') then I get the error "The exception
> 'java.security.AccessControlException: access denied
> (java.util.PropertyPermission derby.system.home read)' was thrown while
> evaluating an expression." when trying to read the derby.system.home
> property in code inside my jar file.
> 
> I am using the default security manager (java.security.manager="").
> 
> Here are the relevant pieces of my policy file.
> ------------------------------------------------------------
> keystore "my.keystore";
> 
> grant signedBy "myalias" 
> {
>   permission java.io.FilePermission "${derby.system.home}${/}-",
> "read,write,delete";
>   permission java.util.PropertyPermission "derby.*", "read";
>   permission java.lang.RuntimePermission "loadLibrary.*";
>   permission java.util.PropertyPermission "user.dir", "read";
> };
> ------------------------------------------------------------
> 
> I tried setting the keystore value to "${derby.system.home}${/}my.keystore";
> in case the problem was that Derby was unable to find my.keystore without
> having the full path to it, but that didn't work.
> 
> I am using Derby 10.3.2.1 on a Windows XP Pro machine.
> 
> Any suggestions?

Can you share the stack trace?

The only thing I can think of is you are not getting the system property 
in a privileged block, but then that should also fail if the jar is on 
the classpath (assuming this is being called in both cases from a SQL 
procedure or function implemented in Java).

Dan.
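
The privileged block mentioned in the reply above, as an added example that is not part of the original thread or of Derby's code: the class and method names are hypothetical and the property value set in `main` is constructed. It uses `java.security.AccessController`, the API of the Java versions current for Derby 10.3 (deprecated since Java 17).

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical class standing in for code packaged in the signed jar.
public class SystemHomeReader {

    // Fixed key: the privileged block never reads a caller-supplied property
    // name, so it cannot be used to read arbitrary properties on a caller's behalf.
    private static final String KEY = "derby.system.home";

    // Plain read. Under a security manager the permission check walks the whole
    // call stack, so every protection domain on it (this jar and all of its
    // callers) must hold PropertyPermission "derby.system.home", "read".
    public static String readPlain() {
        return System.getProperty(KEY);
    }

    // Privileged read. doPrivileged stops the stack walk at this frame, so only
    // this class's protection domain (the "signedBy" grant in the policy file)
    // has to hold the permission, whoever called the method.
    public static String readPrivileged() {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty(KEY);
            }
        });
    }

    public static void main(String[] args) {
        // Constructed sample value; with no security manager both reads succeed.
        System.setProperty(KEY, "C:\\derby-home");
        System.out.println("privileged read: " + readPrivileged());
        try {
            System.out.println("plain read: " + readPlain());
        } catch (SecurityException e) {
            // AccessControlException is a subclass of SecurityException.
            System.out.println("plain read denied: " + e.getMessage());
        }
    }
}
```

If the privileged read is still denied under a security manager, the grant is not being matched to the class's own protection domain, which points at how the class was loaded rather than at the callers on the stack.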
