db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Myrna van Lunteren <m.v.lunte...@gmail.com>
Subject Re: Configuring a Server Policy for Derby on Windows
Date Thu, 30 Jan 2014 15:00:06 GMT
Hi John,

Thanks for the write-up!

I'm sorry you had to struggle through the url file: syntax  - I did too,
and updated DERBY-6438 with my findings.

We should probably fix the documentation.

Myrna



On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. <softmoore@att.net>wrote:

> I am sending this email to the Derby user list with the hope that I can
> save someone time and frustration when trying to run the Derby network
> server on Windows with the latest version of Java (currently 1.7.0_51).
> With the latest version of Java, it is no longer possible to use the batch
> file "startNetworkServer.bat" to start the network server.  If you run
> derby under Linux or some variation of Unix, or if you are already familiar
> with how to use a server policy file with Derby, you can probably ignore
> this message.  (Note to Derby developers:  You might want to add some of
> the descriptions below to the appropriate pages in the Derby documentation,
> especially
> https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html
> .)
>
>
>
> To run the Derby network server on Windows, you will need to download a
> copy of the server policy file 1010_server.policy from
> https://issues.apache.org/jira/browse/DERBY-6438 and edit it for your use
> or define appropriate system properties when starting the Derby network
> server.  I will give an example for editing the file.
>
>
>
> When editing the file, replace "${derby.install.url}" with the full path
> name for the Derby jar files in the four sections that start with "*grant
> codebase*".  The syntax is a little tricky.  For example, assume that
> derby has been installed in C:\Java\db-derby-10.10.1.1-bin.  You use a "
> file:" specification, but you need to use forward slashes, not back
> slashes.  Also, the file specification can contain zero, one, or three
> forward slashes, but not two.  Thus, any of the following will work
>
>      grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>      grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>      grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
> but not
>
>      grant codeBase "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"
>
>
>
> This is an important point since the sample files in the Derby Developer's
> Guide seem to imply that two slashes are acceptable - see
> http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html.
> If you use two slashes in you file specification, you will get an error
> message similar to the following:
>
>
>
> Thu Jan 30 09:09:33 EST 2014 : access denied
> ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
>
> java.security.AccessControlException: access denied
> ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
>
>         at java.security.AccessControlContext.checkPermission(Unknown
> Source)
>
>         at java.security.AccessController.checkPermission(Unknown Source)
>
>         at java.lang.SecurityManager.checkPermission(Unknown Source)
>
>         at java.lang.System.setProperty(Unknown Source)
>
>         at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
>
>         at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
>
>         at org.apache.derby.iapi.tools.run.main(Unknown Source)
>
>
>
> You also need to replace "${derby.security.port}" with the appropriate
> port number (e.g., 1527).   Alternatively, you can define "
> ${derby.security.port}" in your call to start the Derby network server,
> as in "-Dderby.security.port=1527".  Other policy file parameters can be
> handled similarly, but these are the most important ones, and these changes
> are the minimum needed to get the Derby network server started.
>
>
>
> I saved the policy file in my DERBY_HOME directory as simply server.policy,
> and I edited only the four "grant codebase" sections as described above.
> I can then start the Derby network server using a command similar to the
> following (which I placed in a batch file):
>
> start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527
> -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy
> -jar %DERBY_HOME%\lib\derbyrun.jar server start
>
>
>
> Alternatively, if your class path contains the appropriate Derby jar files
> (which can ensure by running %DERBY_HOME%\bin\setNetworkServerCP.bat),
> you can start the Derby network server using the following:
>
> start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527
> -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy
> org.apache.derby.drda.NetworkServerControl start
>
>
>
> I hope this helps.  I wasted a lot of time before I figured out that the
> two forward slashes in the file specification was causing the problem.
>
>
>
> _________________________________________
>
>
>
> John I. Moore, Jr.
>
> SoftMoore Consulting
>
>
>

Mime
View raw message