db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dag.wan...@oracle.com (Dag H. Wanvik)
Subject Re: Trying to migrate to LDAP (but getting Error 08004)
Date Thu, 20 Jan 2011 01:40:21 GMT
Thomas <Thomas.K.Hill@t-online.de> writes:

> to start with? Is this an AccessControl/Security issue or an issue that it does

I is anAccessControl/Security issue.

> not know how to resolve the servername to an IP-Address? What exactly would I
> need to put as 'permission java.netSocketPermission' if not '*' and 'accept'?

Looking into the default server policy file, see SocketPermission only
in one location:
   
   grant codeBase "${derby.install.url}derbynet.jar"
   {
       :
       // Accept connections from any host. Derby is listening to the host
       // interface specified via the -h option to "NetworkServerControl
       // start" on the command line, via the address parameter to the
       // org.apache.derby.drda.NetworkServerControl constructor in the API
       // or via the property derby.drda.host; the default is localhost.
       // You may want to restrict allowed hosts, e.g. to hosts in a specific
       // subdomain, e.g. "*.acme.com".

       permission java.net.SocketPermission "*", "accept"; 


That is, I don't see the derby.jar codebase having any permission to
resolve and connect to your LDAP server. You may have to add something
like

   grant codeBase "${derby.install.url}derby.jar"
   {
         :
new -->  permission java.net.SocketPermission "miniserver", "connect,accept";

since the code that is failing is inside derby.jar.

The "resolve" permission is implied by "connect", cf.
http://download.oracle.com/javase/6/docs/api/java/net/SocketPermission.html
Not sure if you need the "accept".

Dag

Mime
View raw message