Return-Path: X-Original-To: apmail-db-derby-user-archive@www.apache.org Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B31D010C13 for ; Thu, 30 Jan 2014 15:49:13 +0000 (UTC) Received: (qmail 98407 invoked by uid 500); 30 Jan 2014 15:49:13 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 98357 invoked by uid 500); 30 Jan 2014 15:49:13 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 98350 invoked by uid 99); 30 Jan 2014 15:49:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jan 2014 15:49:12 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of dag.wanvik@oracle.com designates 141.146.126.69 as permitted sender) Received: from [141.146.126.69] (HELO aserp1040.oracle.com) (141.146.126.69) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jan 2014 15:49:04 +0000 Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s0UFmfhL016077 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 30 Jan 2014 15:48:42 GMT Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0UFmffh008218 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Thu, 30 Jan 2014 15:48:41 GMT Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0UFmecx008202 for ; Thu, 30 Jan 2014 15:48:40 GMT Received: from [10.175.51.31] (/10.175.51.31) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 30 Jan 2014 07:48:40 -0800 Message-ID: <52EA7429.3020405@oracle.com> Date: Thu, 30 Jan 2014 16:47:53 +0100 From: dag wanvik Organization: Oracle Corporation User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: derby-user@db.apache.org, "CAMILLA.HAASE" Subject: Re: Configuring a Server Policy for Derby on Windows References: <000301cf1dc7$6b0e7240$412b56c0$@net> In-Reply-To: Content-Type: multipart/alternative; boundary="------------040100030502000407030405" X-Source-IP: ucsinet21.oracle.com [156.151.31.93] X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. --------------040100030502000407030405 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit The slashes in a file URL is explained in this Wikipedia entry: http://en.wikipedia.org/wiki/File_URI_scheme#Meaning_of_slash_character *file:///host///path/* Things to notice: * "If /host/ is omitted, it is taken to be "localhost", the machine from which the URL is being interpreted. Note that when omitting host you do not omit the slash ("file:///foo.txt" is okay, while "file://foo.txt" is not, although some interpreters manage to handle the latter)." * "The double slash // should always appear in a file URL according to the specification, but in practice many Web browsers allow you to omit it)" * "the URI as understood by the Windows Shell API is e.g. "file:///c:/WINDOWS/clock.avi" So, three slashes is OK: it means the host is omitted (default). Zero and one slash would indicate that the "//host" part is omitted, cf the lenience allowed mentioned above. Just a double slash followed by the file path (e.g. //C:/....), would be wrong, since "C:" is not a host name. So, our docs are wrong here. Thanks, Dag On 30.01.2014 16:00, Myrna van Lunteren wrote: > Hi John, > > Thanks for the write-up! > > I'm sorry you had to struggle through the url file: syntax - I did > too, and updated DERBY-6438 with my findings. > > We should probably fix the documentation. > > Myrna > > > > On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. > wrote: > > I am sending this email to the Derby user list with the hope that > I can save someone time and frustration when trying to run the > Derby network server on Windows with the latest version of Java > (currently 1.7.0_51). With the latest version of Java, it is no > longer possible to use the batch file "startNetworkServer.bat" to > start the network server. If you run derby under Linux or some > variation of Unix, or if you are already familiar with how to use > a server policy file with Derby, you can probably ignore this > message. (Note to Derby developers: You might want to add some > of the descriptions below to the appropriate pages in the Derby > documentation, especially > https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html.) > > To run the Derby network server on Windows, you will need to > download a copy of the server policy file 1010_server.policy from > https://issues.apache.org/jira/browse/DERBY-6438 and edit it for > your use or define appropriate system properties when starting the > Derby network server. I will give an example for editing the file. > > When editing the file, replace "${derby.install.url}" with the > full path name for the Derby jar files in the four sections that > start with "*grant codebase*". The syntax is a little tricky. For > example, assume that derby has been installed in > C:\Java\db-derby-10.10.1.1-bin. You use a "file:" specification, > but you need to use forward slashes, not back slashes. Also, the > file specification can contain zero, one, or three forward > slashes, but not two. Thus, any of the following will work > > grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > but not > > grant codeBase > "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > This is an important point since the sample files in the Derby > Developer's Guide seem to imply that two slashes are acceptable -- > see > http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html. > If you use two slashes in you file specification, you will get an > error message similar to the following: > > Thu Jan 30 09:09:33 EST 2014 : access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" > "write") > > java.security.AccessControlException: access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" > "write") > > at java.security.AccessControlContext.checkPermission(Unknown Source) > > at java.security.AccessController.checkPermission(Unknown Source) > > at java.lang.SecurityManager.checkPermission(Unknown Source) > > at java.lang.System.setProperty(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at java.security.AccessController.doPrivileged(Native Method) > > at org.apache.derby.drda.NetworkServerControl.main(Unknown Source) > > at org.apache.derby.iapi.tools.run.main(Unknown Source) > > You also need to replace "${derby.security.port}" with the > appropriate port number (e.g., 1527). Alternatively, you can > define "${derby.security.port}" in your call to start the Derby > network server, as in "-Dderby.security.port=1527". Other policy > file parameters can be handled similarly, but these are the most > important ones, and these changes are the minimum needed to get > the Derby network server started. > > I saved the policy file in my DERBY_HOME directory as simply > server.policy, and I edited only the four "grant codebase" > sections as described above. I can then start the Derby network > server using a command similar to the following (which I placed in > a batch file): > > start java -Dderby.system.home=%DERBY_HOME% > -Dderby.security.port=1527 -Djava.security.manager > -Djava.security.policy=%DERBY_HOME%\server.policy -jar > %DERBY_HOME%\lib\derbyrun.jar server start > > Alternatively, if your class path contains the appropriate Derby > jar files (which can ensure by running > %DERBY_HOME%\bin\setNetworkServerCP.bat), you can start the Derby > network server using the following: > > start java -Dderby.system.home=%DERBY_HOME% > -Dderby.security.port=1527 -Djava.security.manager > -Djava.security.policy=%DERBY_HOME%\server.policy > org.apache.derby.drda.NetworkServerControl start > > I hope this helps. I wasted a lot of time before I figured out > that the two forward slashes in the file specification was causing > the problem. > > _________________________________________ > > John I. Moore, Jr. > > SoftMoore Consulting > > --------------040100030502000407030405 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit The slashes in a file URL is explained in this Wikipedia entry:

http://en.wikipedia.org/wiki/File_URI_scheme#Meaning_of_slash_character
file://host/path
Things to notice:

* "If host is omitted, it is taken to be "localhost", the machine from which the URL is being interpreted. Note that when omitting host you do not omit the slash ("file:///foo.txt" is okay, while "file://foo.txt" is not, although some interpreters manage to handle the latter)."

* "The double slash // should always appear in a file URL according to the specification, but in practice many Web browsers allow you to omit it)"

* "the URI as understood by the Windows Shell API is e.g. "file:///c:/WINDOWS/clock.avi"

So, three slashes is OK: it means the host is omitted (default).
Zero and one slash would indicate that the "//host" part is omitted, cf the lenience allowed mentioned above.

Just a double slash followed by the file path (e.g. //C:/....), would be wrong, since "C:" is not a host name.

So, our docs are wrong here.

Thanks,
Dag



On 30.01.2014 16:00, Myrna van Lunteren wrote:
Hi John,

Thanks for the write-up!

I'm sorry you had to struggle through the url file: syntax  - I did too, and updated DERBY-6438 with my findings.

We should probably fix the documentation.

Myrna



On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. <softmoore@att.net> wrote:

I am sending this email to the Derby user list with the hope that I can save someone time and frustration when trying to run the Derby network server on Windows with the latest version of Java (currently 1.7.0_51).  With the latest version of Java, it is no longer possible to use the batch file “startNetworkServer.bat” to start the network server.  If you run derby under Linux or some variation of Unix, or if you are already familiar with how to use a server policy file with Derby, you can probably ignore this message.  (Note to Derby developers:  You might want to add some of the descriptions below to the appropriate pages in the Derby documentation, especially https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html.)

 

To run the Derby network server on Windows, you will need to download a copy of the server policy file 1010_server.policy from https://issues.apache.org/jira/browse/DERBY-6438 and edit it for your use or define appropriate system properties when starting the Derby network server.  I will give an example for editing the file.

 

When editing the file, replace “${derby.install.url}” with the full path name for the Derby jar files in the four sections that start with “grant codebase”.  The syntax is a little tricky.  For example, assume that derby has been installed in C:\Java\db-derby-10.10.1.1-bin.  You use a “file:” specification, but you need to use forward slashes, not back slashes.  Also, the file specification can contain zero, one, or three forward slashes, but not two.  Thus, any of the following will work

     grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"

     grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"

     grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"

but not

     grant codeBase "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"

 

This is an important point since the sample files in the Derby Developer's Guide seem to imply that two slashes are acceptable – see http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html.  If you use two slashes in you file specification, you will get an error message similar to the following:

 

Thu Jan 30 09:09:33 EST 2014 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")

java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")

        at java.security.AccessControlContext.checkPermission(Unknown Source)

        at java.security.AccessController.checkPermission(Unknown Source)

        at java.lang.SecurityManager.checkPermission(Unknown Source)

        at java.lang.System.setProperty(Unknown Source)

        at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)

        at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)

        at java.security.AccessController.doPrivileged(Native Method)

        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

        at org.apache.derby.iapi.tools.run.main(Unknown Source)

 

You also need to replace “${derby.security.port}” with the appropriate port number (e.g., 1527).   Alternatively, you can define “${derby.security.port}” in your call to start the Derby network server, as in “-Dderby.security.port=1527”.  Other policy file parameters can be handled similarly, but these are the most important ones, and these changes are the minimum needed to get the Derby network server started.

 

I saved the policy file in my DERBY_HOME directory as simply server.policy, and I edited only the four “grant codebase” sections as described above.  I can then start the Derby network server using a command similar to the following (which I placed in a batch file):

start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy -jar %DERBY_HOME%\lib\derbyrun.jar server start

 

Alternatively, if your class path contains the appropriate Derby jar files (which can ensure by running %DERBY_HOME%\bin\setNetworkServerCP.bat), you can start the Derby network server using the following:

start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy org.apache.derby.drda.NetworkServerControl start

 

I hope this helps.  I wasted a lot of time before I figured out that the two forward slashes in the file specification was causing the problem.

 

_________________________________________

 

John I. Moore, Jr.

SoftMoore Consulting

 



--------------040100030502000407030405--