Posted to derby-dev@db.apache.org by "Kathey Marsden (JIRA)" <ji...@apache.org> on 2012/09/27 18:28:07 UTC

[jira] [Updated] (DERBY-5411) Client that does not have Security manager permission to connect gets "ERROR 08006: Insufficient data while reading from the network" Message should be clearer

     [ https://issues.apache.org/jira/browse/DERBY-5411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden updated DERBY-5411:
----------------------------------

    Description: 
I was doing a little remote testing for the release candidate and noticed if a machine does not have permission to connect, then the client shows the following exception:
ij> connect  'jdbc:derby://x.xx.xxx.xx:1527/wombat';
ERROR 08006: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
java.sql.SQLNonTransientConnectionException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
        at org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown Source)
        at org.apache.derby.client.am.SqlException.getSQLException(Unknown Source)
        at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:322)
        at java.sql.DriverManager.getConnection(DriverManager.java:297)
        at org.apache.derby.impl.tools.ij.ij.dynamicConnection(Unknown Source)
        at org.apache.derby.impl.tools.ij.ij.ConnectStatement(Unknown Source)
        at org.apache.derby.impl.tools.ij.ij.ijStatement(Unknown Source)
        at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(Unknown Source)
        at org.apache.derby.impl.tools.ij.utilMain.go(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.go(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
        at org.apache.derby.tools.ij.main(Unknown Source)
Caused by: org.apache.derby.client.am.DisconnectException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
        at org.apache.derby.client.net.Reply.fill(Unknown Source)
        at org.apache.derby.client.net.Reply.ensureALayerDataInBuffer(Unknown Source)
        at org.apache.derby.client.net.Reply.readDssHeader(Unknown Source)
        at org.apache.derby.client.net.Reply.startSameIdChainParse(Unknown Source)
        at org.apache.derby.client.net.NetConnectionReply.readExchangeServerAttributes(Unknown Source)
        at org.apache.derby.client.net.NetConnection.readServerAttributesAndKeyExchange(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowServerAttributesAndKeyExchange(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowUSRIDONLconnect(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowConnect(Unknown Source)
        at org.apache.derby.client.net.NetConnection.<init>(Unknown Source)
        at org.apache.derby.client.net.NetConnection40.<init>(Unknown Source)
        at org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.newNetConnection(Unknown Source)
        ... 12 more

It would be good to have a clearer error message:

To reproduce, use the script and policy file below, changing the URL for derby.codejars to the correct path for your environment. Also, in the policy file my.policy, exchange x.x.x.x with the permitted host and y.y.y.y with the disallowed host. Then try to connect from the disallowed host with connect 'jdbc:derby://x.x.x.x:1527/wombat';

Script startServer.sh:
java  -Djava.security.manager -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/" -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl start -h 0.0.0.0

Policy file my.policy (change x.x.x.x and y.y.y.y to the allowed and disallowed host respectively. Since the y.y.y.y line is commented out, it is not really relevant except for testing that remote connections work properly):


grant codeBase "${derby.codejars}derby.jar"
{
//
// These permissions are needed for everyday, embedded Derby usage.
//
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
      "write"; 
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
//
  permission java.security.SecurityPermission "getPolicy";

//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
// You may want to restrict this access to specific directories.
//
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
  permission java.net.SocketPermission "*", "connect,resolve";
};

grant codeBase "${derby.codejars}derbynet.jar"
{
//
// This permission lets the Network Server manage connections from clients.
//

// Accept connections from any host. Derby is listening to the host
// interface specified via the -h option to "NetworkServerControl
// start" on the command line, via the address parameter to the
// org.apache.derby.drda.NetworkServerControl constructor in the API
// or via the property derby.drda.host; the default is localhost.
// You may want to restrict allowed hosts, e.g. to hosts in a specific
// subdomain, e.g. "*.acme.com".

  //permission java.net.SocketPermission "*", "accept,connect,resolve"; 
  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
  permission java.net.SocketPermission "localhost", "accept,connect,resolve";
  // This is the host we want to connect
  permission java.net.SocketPermission "x.x.x.x", "accept,connect,resolve";
  // This is the host we want blocked out. 
  //permission java.net.SocketPermission "y.y.y.y", "accept,connect,resolve";


// This permission is required for tracing
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

};

grant codeBase "${derby.codejars}derbytools.jar"
{
  // Access all properties using System.getProperties -
  // ij enumerates the properties in order to open connections
  // for any property set in ij.connection.* and set protocols
  // for any property in ij.protocol.*
  permission java.util.PropertyPermission "*", "read, write";
  
  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";

};





  was:
I was doing a little remote testing for the release candidate and noticed if a machine does not have permission to connect, then the client shows the following exception:
ij> connect  'jdbc:derby://9.72.133.41:1527/wombat';
ERROR 08006: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
java.sql.SQLNonTransientConnectionException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
        at org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown Source)
        at org.apache.derby.client.am.SqlException.getSQLException(Unknown Source)
        at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source)
        at java.sql.DriverManager.getConnection(DriverManager.java:322)
        at java.sql.DriverManager.getConnection(DriverManager.java:297)
        at org.apache.derby.impl.tools.ij.ij.dynamicConnection(Unknown Source)
        at org.apache.derby.impl.tools.ij.ij.ConnectStatement(Unknown Source)
        at org.apache.derby.impl.tools.ij.ij.ijStatement(Unknown Source)
        at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(Unknown Source)
        at org.apache.derby.impl.tools.ij.utilMain.go(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.go(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
        at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
        at org.apache.derby.tools.ij.main(Unknown Source)
Caused by: org.apache.derby.client.am.DisconnectException: Insufficient data while reading from the network - expected a minimum of 6 bytes and received only 0 bytes.  The connection has been terminated.
        at org.apache.derby.client.net.Reply.fill(Unknown Source)
        at org.apache.derby.client.net.Reply.ensureALayerDataInBuffer(Unknown Source)
        at org.apache.derby.client.net.Reply.readDssHeader(Unknown Source)
        at org.apache.derby.client.net.Reply.startSameIdChainParse(Unknown Source)
        at org.apache.derby.client.net.NetConnectionReply.readExchangeServerAttributes(Unknown Source)
        at org.apache.derby.client.net.NetConnection.readServerAttributesAndKeyExchange(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowServerAttributesAndKeyExchange(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowUSRIDONLconnect(Unknown Source)
        at org.apache.derby.client.net.NetConnection.flowConnect(Unknown Source)
        at org.apache.derby.client.net.NetConnection.<init>(Unknown Source)
        at org.apache.derby.client.net.NetConnection40.<init>(Unknown Source)
        at org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.newNetConnection(Unknown Source)
        ... 12 more

It would be good to have a clearer error message:

To reproduce, use the script and policy file below, changing the URL for derby.codejars to the correct path for your environment. Also, in the policy file my.policy, exchange x.x.x.x with the permitted host and y.y.y.y with the disallowed host. Then try to connect from the disallowed host with connect 'jdbc:derby://x.x.x.x:1527/wombat';

Script startServer.sh:
java  -Djava.security.manager -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/" -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl start -h 0.0.0.0

Policy file my.policy (change x.x.x.x and y.y.y.y to the allowed and disallowed host respectively. Since the y.y.y.y line is commented out, it is not really relevant except for testing that remote connections work properly):


grant codeBase "${derby.codejars}derby.jar"
{
//
// These permissions are needed for everyday, embedded Derby usage.
//
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
      "write"; 
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
//
  permission java.security.SecurityPermission "getPolicy";

//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
// You may want to restrict this access to specific directories.
//
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
  permission java.net.SocketPermission "*", "connect,resolve";
};

grant codeBase "${derby.codejars}derbynet.jar"
{
//
// This permission lets the Network Server manage connections from clients.
//

// Accept connections from any host. Derby is listening to the host
// interface specified via the -h option to "NetworkServerControl
// start" on the command line, via the address parameter to the
// org.apache.derby.drda.NetworkServerControl constructor in the API
// or via the property derby.drda.host; the default is localhost.
// You may want to restrict allowed hosts, e.g. to hosts in a specific
// subdomain, e.g. "*.acme.com".

  //permission java.net.SocketPermission "*", "accept,connect,resolve"; 
  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
  permission java.net.SocketPermission "localhost", "accept,connect,resolve";
  // This is the host we want to connect
  permission java.net.SocketPermission "x.x.x.x", "accept,connect,resolve";
  // This is the host we want blocked out. 
  //permission java.net.SocketPermission "y.y.y.y", "accept,connect,resolve";


// This permission is required for tracing
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

};

grant codeBase "${derby.codejars}derbytools.jar"
{
  // Access all properties using System.getProperties -
  // ij enumerates the properties in order to open connections
  // for any property set in ij.connection.* and set protocols
  // for any property in ij.protocol.*
  permission java.util.PropertyPermission "*", "read, write";
  
  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";

};





    
> Client that does not have Security manager permission to connect gets "ERROR 08006: Insufficient data while reading from the network" Message should be clearer
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5411
>                 URL: https://issues.apache.org/jira/browse/DERBY-5411
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Client
>    Affects Versions: 10.8.2.2
>            Reporter: Kathey Marsden
>            Priority: Minor
>              Labels: derby_triage10_9
>
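
How the derbynet.jar SocketPermission grants in my.policy decide which client hosts are admitted, as an added example that is not part of the original report or of Derby's code. The addresses 192.0.2.10 and 198.51.100.20 are constructed stand-ins for x.x.x.x and y.y.y.y, the class and method names are hypothetical, and it goes slightly beyond the report by also evaluating the commented-out "*" grant.

```java
import java.net.SocketPermission;
import java.security.PermissionCollection;

public class AcceptPolicyCheck {
    // Constructed stand-ins (RFC 5737 documentation addresses) for the
    // report's x.x.x.x (permitted) and y.y.y.y (blocked) hosts.
    static final String PERMITTED_HOST = "192.0.2.10";
    static final String BLOCKED_HOST = "198.51.100.20";
    static final String ACTIONS = "accept,connect,resolve";

    // The uncommented SocketPermission grants for derbynet.jar in my.policy.
    // "localhost" is left out so the example needs no name resolution.
    static PermissionCollection restrictedGrants() {
        SocketPermission loopback = new SocketPermission("127.0.0.1", ACTIONS);
        PermissionCollection grants = loopback.newPermissionCollection();
        grants.add(loopback);
        grants.add(new SocketPermission(PERMITTED_HOST, ACTIONS));
        return grants;
    }

    // The same grants plus the commented-out "*" line from the policy file.
    static PermissionCollection wildcardGrants() {
        PermissionCollection grants = restrictedGrants();
        grants.add(new SocketPermission("*", ACTIONS));
        return grants;
    }

    // SecurityManager.checkAccept(host, port) tests a SocketPermission of the
    // form "host:port" with action "accept"; this applies the same test to a
    // set of grants without installing a security manager.
    static boolean mayAccept(PermissionCollection grants, String clientIp, int clientPort) {
        return grants.implies(new SocketPermission(clientIp + ":" + clientPort, "accept"));
    }

    static String verdict(boolean allowed) {
        return allowed ? "allowed" : "denied";
    }

    public static void main(String[] args) {
        int clientPort = 49152; // constructed client source port
        String[] clients = {"127.0.0.1", PERMITTED_HOST, BLOCKED_HOST};
        PermissionCollection restricted = restrictedGrants();
        PermissionCollection wildcard = wildcardGrants();

        // One line per client: the verdict under the policy as posted, and
        // under the same policy with the "*" grant enabled.
        for (String ip : clients) {
            System.out.printf("%-15s restricted=%-8s wildcard=%s%n",
                    ip,
                    verdict(mayAccept(restricted, ip, clientPort)),
                    verdict(mayAccept(wildcard, ip, clientPort)));
        }
    }
}
```

A host that is denied under the restricted grants is the case in this report: the client sees ERROR 08006 rather than a message naming the policy.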
