Return-Path: X-Original-To: apmail-db-derby-user-archive@www.apache.org Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 76DD1109F9 for ; Thu, 30 Jan 2014 15:00:37 +0000 (UTC) Received: (qmail 99427 invoked by uid 500); 30 Jan 2014 15:00:37 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 99239 invoked by uid 500); 30 Jan 2014 15:00:36 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 99226 invoked by uid 99); 30 Jan 2014 15:00:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jan 2014 15:00:35 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of m.v.lunteren@gmail.com designates 209.85.216.177 as permitted sender) Received: from [209.85.216.177] (HELO mail-qc0-f177.google.com) (209.85.216.177) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Jan 2014 15:00:27 +0000 Received: by mail-qc0-f177.google.com with SMTP id i8so4987230qcq.36 for ; Thu, 30 Jan 2014 07:00:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=+1U9iJJIMAHECnMtreNDWlg8LomciDVLxtVFYsT3jA0=; b=OH9ZzqNjC12o3ugyvDHeW7E2XJNWclY8qbnJg6A9rxDJFisX/OHFo81T6JkFrTBBkR MQ5IZXsCeqSNlTio55Msaiix8v2b+jDz4+kXNe8EW7m8Qfa5pI/TeYIRvAvUYJoMhIUD krOVEhHr1EfSIYBYXCwBabrQBrbG9s6CkCHJjvNVq7SUsX4/Bp1S7tw1f8p4LgD10+Ir kv7H6/iaApEUCP3B4uXFWQ7qLunTOMjOWoyPPIAv5iPj8COBUKRHONb0z8wiW8ptqxS3 3pXayrRL2ktOrWcnn5KmGMh+ZJHWBIjoc4NFn5nLWPkXy6y/6ZXq4/RsSLqKUxQNXq/J O7NQ== MIME-Version: 1.0 X-Received: by 10.224.55.197 with SMTP id v5mr22644056qag.9.1391094006598; Thu, 30 Jan 2014 07:00:06 -0800 (PST) Received: by 10.96.38.34 with HTTP; Thu, 30 Jan 2014 07:00:06 -0800 (PST) In-Reply-To: <000301cf1dc7$6b0e7240$412b56c0$@net> References: <000301cf1dc7$6b0e7240$412b56c0$@net> Date: Thu, 30 Jan 2014 07:00:06 -0800 Message-ID: Subject: Re: Configuring a Server Policy for Derby on Windows From: Myrna van Lunteren To: Derby Discussion , jmoore@softmoore.com Content-Type: multipart/alternative; boundary=001a11c2ef8e1cd7b504f131506e X-Virus-Checked: Checked by ClamAV on apache.org --001a11c2ef8e1cd7b504f131506e Content-Type: text/plain; charset=ISO-8859-1 Hi John, Thanks for the write-up! I'm sorry you had to struggle through the url file: syntax - I did too, and updated DERBY-6438 with my findings. We should probably fix the documentation. Myrna On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. wrote: > I am sending this email to the Derby user list with the hope that I can > save someone time and frustration when trying to run the Derby network > server on Windows with the latest version of Java (currently 1.7.0_51). > With the latest version of Java, it is no longer possible to use the batch > file "startNetworkServer.bat" to start the network server. If you run > derby under Linux or some variation of Unix, or if you are already familiar > with how to use a server policy file with Derby, you can probably ignore > this message. (Note to Derby developers: You might want to add some of > the descriptions below to the appropriate pages in the Derby documentation, > especially > https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html > .) > > > > To run the Derby network server on Windows, you will need to download a > copy of the server policy file 1010_server.policy from > https://issues.apache.org/jira/browse/DERBY-6438 and edit it for your use > or define appropriate system properties when starting the Derby network > server. I will give an example for editing the file. > > > > When editing the file, replace "${derby.install.url}" with the full path > name for the Derby jar files in the four sections that start with "*grant > codebase*". The syntax is a little tricky. For example, assume that > derby has been installed in C:\Java\db-derby-10.10.1.1-bin. You use a " > file:" specification, but you need to use forward slashes, not back > slashes. Also, the file specification can contain zero, one, or three > forward slashes, but not two. Thus, any of the following will work > > grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > but not > > grant codeBase "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > > > This is an important point since the sample files in the Derby Developer's > Guide seem to imply that two slashes are acceptable - see > http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html. > If you use two slashes in you file specification, you will get an error > message similar to the following: > > > > Thu Jan 30 09:09:33 EST 2014 : access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") > > java.security.AccessControlException: access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") > > at java.security.AccessControlContext.checkPermission(Unknown > Source) > > at java.security.AccessController.checkPermission(Unknown Source) > > at java.lang.SecurityManager.checkPermission(Unknown Source) > > at java.lang.System.setProperty(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at java.security.AccessController.doPrivileged(Native Method) > > at org.apache.derby.drda.NetworkServerControl.main(Unknown Source) > > at org.apache.derby.iapi.tools.run.main(Unknown Source) > > > > You also need to replace "${derby.security.port}" with the appropriate > port number (e.g., 1527). Alternatively, you can define " > ${derby.security.port}" in your call to start the Derby network server, > as in "-Dderby.security.port=1527". Other policy file parameters can be > handled similarly, but these are the most important ones, and these changes > are the minimum needed to get the Derby network server started. > > > > I saved the policy file in my DERBY_HOME directory as simply server.policy, > and I edited only the four "grant codebase" sections as described above. > I can then start the Derby network server using a command similar to the > following (which I placed in a batch file): > > start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 > -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy > -jar %DERBY_HOME%\lib\derbyrun.jar server start > > > > Alternatively, if your class path contains the appropriate Derby jar files > (which can ensure by running %DERBY_HOME%\bin\setNetworkServerCP.bat), > you can start the Derby network server using the following: > > start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 > -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy > org.apache.derby.drda.NetworkServerControl start > > > > I hope this helps. I wasted a lot of time before I figured out that the > two forward slashes in the file specification was causing the problem. > > > > _________________________________________ > > > > John I. Moore, Jr. > > SoftMoore Consulting > > > --001a11c2ef8e1cd7b504f131506e Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
Hi John,

Thanks for the write-= up!

I'm sorry you had to struggle through the u= rl file: syntax  - I did too, and updated DERBY-6438 with my findings.=

We should probably fix the documentation.

=
Myrna



On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. = <softmoore@att.net> wrote:

I am sending this email to the Derby use= r list with the hope that I can save someone time and frustration when tryi= ng to run the Derby network server on Windows with the latest version of Ja= va (currently 1.7.0_51).  With the latest version of Java, it is no lo= nger possible to use the batch file “startNetworkServer.bat” to start the network server. = ; If you run derby under Linux or some variation of Unix, or if you are alr= eady familiar with how to use a server policy file with Derby, you can prob= ably ignore this message.  (Note to Derby developers:  You might = want to add some of the descriptions below to the appropriate pages in the = Derby documentation, especially https://db.apa= che.org/derby/docs/10.4/adminguide/tadminnetservcustom.html.)=

 

To ru= n the Derby network server on Windows, you will need to download a copy of = the server policy file 1010_server.pol= icy from https://issues.apache.org/jira/browse/DERBY-6438 an= d edit it for your use or define appropriate system properties when startin= g the Derby network server.  I will give an example for editing the fi= le.

 

When = editing the file, replace “${der= by.install.url}” with the full path name for the Derby jar fil= es in the four sections that start with “grant codebase”= .  The syntax is a little tricky.  For example, assume that derby= has been installed in C:\Java\db-derb= y-10.10.1.1-bin.  You use a “file:” specification, but you need to use forward sla= shes, not back slashes.  Also, the file specification can contain zero= , one, or three forward slashes, but not two.  Thus, any of the follow= ing will work

  &nb= sp;  grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derb= y.jar"

     grant codeBase "file:/C:= /Java/db-derby-10.10.1.1-bin/lib/derby.jar"

  &nb= sp;  grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/li= b/derby.jar"

but no= t

     grant codeBas= e "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar"=

 

This is an important point since the sample files in the D= erby Developer's Guide seem to imply that two slashes are acceptable &n= dash; see http://db.apache.org/derby/docs/10.10/de= vguide/cdevcsecure871387.html.  If you use two slashes in you file= specification, you will get an error message similar to the following:<= /u>

 

Thu Jan 30 09:09:33 EST 2014 : access denie= d ("java.util.PropertyPermission" "derby.__serverStartedFrom= CmdLine" "write")

java.security.A= ccessControlException: access denied ("java.util.PropertyPermission&qu= ot; "derby.__serverStartedFromCmdLine" "write")<= u>

  &nb= sp;     at java.security.AccessControlContext.checkPerm= ission(Unknown Source)

        = at java.security.AccessController.checkPermission(Unknown Source)=

  &nb= sp;     at java.lang.SecurityManager.checkPermission(Un= known Source)

        at java.l= ang.System.setProperty(Unknown Source)

  &nb= sp;     at org.apache.derby.drda.NetworkServerControl$1= .run(Unknown Source)

        at= org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)=

  &nb= sp;     at java.security.AccessController.doPrivileged(= Native Method)

        at org= .apache.derby.drda.NetworkServerControl.main(Unknown Source)<= /span>

  &nb= sp;     at org.apache.derby.iapi.tools.run.main(Unknown= Source)

 

You also need to replace “${derby.security.port}” with the appropr= iate port number (e.g., 1527).   Alternatively, you can define &l= dquo;${derby.security.port}&rdq= uo; in your call to start the Derby network server, as in “-Dderby.security.port=3D1527”. = ; Other policy file parameters can be handled similarly, but these are the = most important ones, and these changes are the minimum needed to get the De= rby network server started.

 

I sav= ed the policy file in my DERBY_HOME directory as simply server.policy, and I edited only the four “<= span style=3D"font-family:Consolas">grant codebase” sections a= s described above.  I can then start the Derby network server using a = command similar to the following (which I placed in a batch file):

start java -Dde= rby.system.home=3D%DERBY_HOME% -Dderby.security.port=3D1527 -Djava.security= .manager -Djava.security.policy=3D%DERBY_HOME%\server.policy -jar %DERBY_HO= ME%\lib\derbyrun.jar server start

 

Alter= natively, if your class path contains the appropriate Derby jar files (whic= h can ensure by running %DERBY_HOME%\b= in\setNetworkServerCP.bat), you can start the Derby network server u= sing the following:

start java -Dde= rby.system.home=3D%DERBY_HOME% -Dderby.security.port=3D1527 -Djava.security= .manager -Djava.security.policy=3D%DERBY_HOME%\server.policy org.apache.der= by.drda.NetworkServerControl start

 

I hop= e this helps.  I wasted a lot of time before I figured out that the tw= o forward slashes in the file specification was causing the problem.=

 

= _________________________________________

 

John I. Moore, Jr.=

SoftMoore Consulting

 


<= /div> --001a11c2ef8e1cd7b504f131506e--