Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2007/10/16 15:04:51 UTC

[jira] Issue Comment Edited: (DERBY-857) LDAP user authentication fails under a security manager

    [ https://issues.apache.org/jira/browse/DERBY-857?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12535243 ] 

kmarsden edited comment on DERBY-857 at 10/16/07 6:04 AM:
----------------------------------------------------------------

This is the offending code in LDAPAuthenticationSchemeImpl. It is only an issue for a sane build and only with the property derby.debug.true=AuthenticationTrace set, which is probably why it hasn't come up on the user list.

Interestingly, nothing shows up in this file, for successful or unsuccessful connections. Lastly, the name of the file CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug doesn't reproduce.
2) Remove the code altogether since it is not working.
3) Try to get LDAP tracing working. Suggestions welcome.

if (SanityManager.DEBUG)
{
    if (SanityManager.DEBUG_ON(
            AuthenticationServiceBase.AuthenticationTrace)) {
        try {
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                    new java.io.FileOutputStream("CloudLDAP.out"));
        } catch (java.io.IOException ie) {}
    }
}


      was (Author: kmarsden):
    This is the offending code in LDAPAuthenticationSchemeImpl. It is only an issue for a sane build and only with the property derby.debug.true=AuthenticationTrace set, which is probably why it hasn't come up on the user list.

Interestingly, nothing shows up in this file, for successful or unsuccessful connections, and com.sun.naming.ldap.trace.ber, I think, is not portable. Lastly, the name of the file CloudLDAP.out is not ideal. I see three options:
1) Put a priv block around this code. Change the filename and make sure the bug doesn't reproduce.
2) Remove the code altogether since it is not portable/working.
3) Find some portable way to invoke LDAP tracing. Suggestions welcome.

if (SanityManager.DEBUG)
{
    if (SanityManager.DEBUG_ON(
            AuthenticationServiceBase.AuthenticationTrace)) {
        try {
            initDirContextEnv.put("com.sun.naming.ldap.trace.ber",
                    new java.io.FileOutputStream("CloudLDAP.out"));
        } catch (java.io.IOException ie) {}
    }
}

> LDAP user authentication fails under a security manager
> -------------------------------------------------------
>
>                 Key: DERBY-857
>                 URL: https://issues.apache.org/jira/browse/DERBY-857
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.2.1.6
>            Reporter: Daniel John Debrunner
>            Assignee: Kathey Marsden
>
> Running the test jdbcapi/secureUsers1.sql with a security manager results in:
> > ERROR 08004: Connection refused : javax.naming.CommunicationException: noSuchMachine:389 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission noSuchMachine resolve)]
> Adding this permission to the policy file has no effect, which means a priv block is required around the LDAP call.
> permission java.net.SocketPermission "noSuchMachine", "resolve";

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
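Option 1 in the comment above (a privileged block around the trace-stream creation), worked through as an added Java example. This is not Derby's code: the class name TraceStreamExample, the method names, the trace-file name derbyLdapTrace.out and the policy grant path are assumptions made here; the JNDI property key com.sun.naming.ldap.trace.ber and the empty catch in the "offending" version come from the snippet in the comment.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;

// Added example, not Derby's code: the pattern quoted in the JIRA comment next to
// a version that opens the trace file inside a privileged block.
public class TraceStreamExample {

    // Hypothetical file name chosen for this example; the comment notes that
    // "CloudLDAP.out" is not ideal.
    static final String TRACE_FILE = "derbyLdapTrace.out";
    // JNDI property key from the comment; the constructed stream is put under it.
    static final String TRACE_KEY = "com.sun.naming.ldap.trace.ber";

    // Offending pattern. Under a security manager the FileOutputStream
    // constructor calls SecurityManager.checkWrite, which checks FilePermission
    // "write" against EVERY frame on the call stack, including the application
    // code that called DriverManager.getConnection(). A denial surfaces as
    // AccessControlException, a RuntimeException that the catch below does not
    // see, so it propagates and the connection attempt fails.
    static void openTraceUnprivileged(Hashtable<String, Object> env) {
        try {
            env.put(TRACE_KEY, new FileOutputStream(TRACE_FILE));
        } catch (IOException ie) {
        }
    }

    // Fix (option 1): enclose only the file-open in doPrivileged. The stack walk
    // stops at this frame, so only Derby's own code base needs a grant such as
    //   permission java.io.FilePermission "${user.dir}${/}derbyLdapTrace.out", "write";
    // (assumed policy entry) rather than every caller's code base.
    static void openTracePrivileged(final Hashtable<String, Object> env) throws IOException {
        try {
            FileOutputStream out = AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileOutputStream>() {
                    public FileOutputStream run() throws IOException {
                        return new FileOutputStream(TRACE_FILE);
                    }
                });
            env.put(TRACE_KEY, out);
        } catch (PrivilegedActionException pae) {
            // run() declares only IOException, so this cast is safe; rethrowing
            // instead of swallowing keeps a failed trace setup visible.
            throw (IOException) pae.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        openTracePrivileged(env);
        System.out.println("trace stream installed: " + (env.get(TRACE_KEY) != null));
    }
}
```

Two points worth keeping in mind when applying this: doPrivileged does not grant anything by itself, so if the Derby code base lacks the FilePermission the AccessControlException still propagates (unwrapped, not inside PrivilegedActionException) and the policy file is what needs fixing; and each privileged block should enclose exactly one permission-requiring operation, which is also how the `SocketPermission ... resolve` failure in the issue description is addressed, by wrapping the LDAP context creation itself rather than widening the block around the trace setup.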