db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas <Thomas.K.H...@t-online.de>
Subject Re: Trying to migrate to LDAP (but getting Error 08004)
Date Wed, 19 Jan 2011 23:13:06 GMT
> This means that a) you are running with the Java security manager
> enabled, and b) you need to add a missing SocketPermission to the
> derby.jar codebare in a policy file, cf.
> 
ad a) yes, the security manager enabled is the default java security manager
which is what is confirmed in derby.log and matches what is stated in the
documentation ("If you boot the Network Server without specifying a security
manager, the Network Server will install a default Java security manager
enforcing a Basic policy")
ad b) I assume the concrete property referred to that would need to set/checked
is the java.net.SocketPermission property which can be set as documented in the
last line of the examples in the documentation, i.e. 
permission java.net.SocketPermission "*", "accept"; 
which is the deault. What I do not quite understand is, if the default "*" -
which I have not changed - leads to connections being accepted from any host,
why am I then getting the 
> java.sql.SQLException: Connection refused : javax.naming.CommunicationException
> : miniserver:10389 [Root exception is java.security.AccessControlException: 
> access denied (java.net.SocketPermission miniserver resolve)]
> 	at org.apache.derby.impl.jdbc.authentication.
> 	JNDIAuthenticationSchemeBase.getLoginSQLException(Unknown Source)
> 	at org.apache.derby.impl.jdbc.authentication.LDAPAuthentication
> 	SchemeImpl.authenticateUser(Unknown Source)
to start with? Is this an AccessControl/Security issue or an issue that it does
not know how to resolve the servername to an IP-Address? What exactly would I
need to put as 'permission java.netSocketPermission' if not '*' and 'accept'?

Thanks


Mime
View raw message