db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dag wanvik <dag.wan...@oracle.com>
Subject Re: Configuring a Server Policy for Derby on Windows
Date Thu, 30 Jan 2014 15:47:53 GMT
The slashes in a file URL is explained in this Wikipedia entry:

http://en.wikipedia.org/wiki/File_URI_scheme#Meaning_of_slash_character

*file:///host///path/*

Things to notice:

* "If /host/ is omitted, it is taken to be "localhost", the machine from 
which the URL is being interpreted. Note that when omitting host you do 
not omit the slash ("file:///foo.txt" is okay, while "file://foo.txt" is 
not, although some interpreters manage to handle the latter)."

* "The double slash // should always appear in a file URL according to 
the specification, but in practice many Web browsers 
<http://en.wikipedia.org/wiki/Web_browser> allow you to omit it)"

* "the URI as understood by the Windows Shell API is e.g. 
"file:///c:/WINDOWS/clock.avi"

So, three slashes is OK: it means the host is omitted (default).
Zero and one slash would indicate that the "//host" part is omitted, cf 
the lenience allowed mentioned above.

Just a double slash followed by the file path (e.g. //C:/....), would be 
wrong, since "C:" is not a host name.

So, our docs are wrong here.

Thanks,
Dag



On 30.01.2014 16:00, Myrna van Lunteren wrote:
> Hi John,
>
> Thanks for the write-up!
>
> I'm sorry you had to struggle through the url file: syntax  - I did 
> too, and updated DERBY-6438 with my findings.
>
> We should probably fix the documentation.
>
> Myrna
>
>
>
> On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. <softmoore@att.net 
> <mailto:softmoore@att.net>> wrote:
>
>     I am sending this email to the Derby user list with the hope that
>     I can save someone time and frustration when trying to run the
>     Derby network server on Windows with the latest version of Java
>     (currently 1.7.0_51).  With the latest version of Java, it is no
>     longer possible to use the batch file "startNetworkServer.bat" to
>     start the network server.  If you run derby under Linux or some
>     variation of Unix, or if you are already familiar with how to use
>     a server policy file with Derby, you can probably ignore this
>     message.  (Note to Derby developers:  You might want to add some
>     of the descriptions below to the appropriate pages in the Derby
>     documentation, especially
>     https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html.)
>
>     To run the Derby network server on Windows, you will need to
>     download a copy of the server policy file 1010_server.policy from
>     https://issues.apache.org/jira/browse/DERBY-6438 and edit it for
>     your use or define appropriate system properties when starting the
>     Derby network server.  I will give an example for editing the file.
>
>     When editing the file, replace "${derby.install.url}" with the
>     full path name for the Derby jar files in the four sections that
>     start with "*grant codebase*". The syntax is a little tricky.  For
>     example, assume that derby has been installed in
>     C:\Java\db-derby-10.10.1.1-bin. You use a "file:" specification,
>     but you need to use forward slashes, not back slashes.  Also, the
>     file specification can contain zero, one, or three forward
>     slashes, but not two.  Thus, any of the following will work
>
>     grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>     grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>     grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>     but not
>
>          grant codeBase
>     "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>     This is an important point since the sample files in the Derby
>     Developer's Guide seem to imply that two slashes are acceptable --
>     see
>     http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html.
>     If you use two slashes in you file specification, you will get an
>     error message similar to the following:
>
>     Thu Jan 30 09:09:33 EST 2014 : access denied
>     ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
>     "write")
>
>     java.security.AccessControlException: access denied
>     ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
>     "write")
>
>     at java.security.AccessControlContext.checkPermission(Unknown Source)
>
>     at java.security.AccessController.checkPermission(Unknown Source)
>
>     at java.lang.SecurityManager.checkPermission(Unknown Source)
>
>     at java.lang.System.setProperty(Unknown Source)
>
>     at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
>
>     at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
>
>     at java.security.AccessController.doPrivileged(Native Method)
>
>     at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
>
>     at org.apache.derby.iapi.tools.run.main(Unknown Source)
>
>     You also need to replace "${derby.security.port}" with the
>     appropriate port number (e.g., 1527). Alternatively, you can
>     define "${derby.security.port}" in your call to start the Derby
>     network server, as in "-Dderby.security.port=1527". Other policy
>     file parameters can be handled similarly, but these are the most
>     important ones, and these changes are the minimum needed to get
>     the Derby network server started.
>
>     I saved the policy file in my DERBY_HOME directory as simply
>     server.policy, and I edited only the four "grant codebase"
>     sections as described above.  I can then start the Derby network
>     server using a command similar to the following (which I placed in
>     a batch file):
>
>     start java -Dderby.system.home=%DERBY_HOME%
>     -Dderby.security.port=1527 -Djava.security.manager
>     -Djava.security.policy=%DERBY_HOME%\server.policy -jar
>     %DERBY_HOME%\lib\derbyrun.jar server start
>
>     Alternatively, if your class path contains the appropriate Derby
>     jar files (which can ensure by running
>     %DERBY_HOME%\bin\setNetworkServerCP.bat), you can start the Derby
>     network server using the following:
>
>     start java -Dderby.system.home=%DERBY_HOME%
>     -Dderby.security.port=1527 -Djava.security.manager
>     -Djava.security.policy=%DERBY_HOME%\server.policy
>     org.apache.derby.drda.NetworkServerControl start
>
>     I hope this helps.  I wasted a lot of time before I figured out
>     that the two forward slashes in the file specification was causing
>     the problem.
>
>     _________________________________________
>
>     John I. Moore, Jr.
>
>     SoftMoore Consulting
>
>


Mime
View raw message