Posted to derby-dev@db.apache.org by Kathey Marsden <km...@sbcglobal.net> on 2009/05/29 01:38:42 UTC

Questions about policy file and multiple FilePermission lines

I am working with a user that is using the network server default 
server.policy file and having an interesting problem.  They create their 
database with an absolute path and *sometimes* they get the permission 
error below.  When they get the failure and set java.security.debug to 
access:failure, they see only two or three of the file permissions 
getting loaded instead of the four that we have in the file for derby.jar.

 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 permission java.io.FilePermission "<<ALL FILES>>", "read";
 permission java.io.FilePermission "${derby.system.home}","read";
 permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";

The user rebuilt derby with only the permission java.io.FilePermission 
"<<ALL FILES>>", "read,write,delete";  FilePermission  in the 
server.policy file and doesn't see the issue. 


I actually  haven't reproduced this issue on my machine with almost the 
same revision JVM. I see all 4  permissions listed and have no problem 
creating a database with an absolute path.
They are using:
Java(TM) SE Runtime Environment (build pwi3260sr3-20081106_07(SR3))
IBM J9 VM (build 2.4, J2RE 1.6.0 IBM J9 2.4 Windows XP x86-32 
jvmwi3260-20081105_25433 (JIT enabled, AOT enabled)
J9VM - 20081105_025433_lHdSMr
JIT  - r9_20081031_1330
GC   - 20081027_AB)
JCL  - 20081106_01

They start their network server with an ant script.

I wonder how java should handle having  permission
java.io.FilePermission "<<ALL FILES>>", "read"; and  
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

Should the JVM be smart enough to figure out the more liberal one and go 
with that?  Do we need to keep all four of these or would just the one 
suffice?

Here is the error:

ERROR XBM0H: Directory D:\<snip path to database> cannot be created.
        at org.apache.derby.iapi.error.StandardException.newException(Unknown Source)
        at org.apache.derby.impl.services.monitor.StorageFactoryService.createServiceRoot(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.createPersistentService(Unknown Source)
        at org.apache.derby.iapi.services.monitor.Monitor.createPersistentService(Unknown Source)
        at org.apache.derby.impl.jdbc.EmbedConnection.createDatabase(Unknown Source)
        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(Unknown Source)
        at org.apache.derby.jdbc.Driver40.getNewEmbedConnection(Unknown Source)
        at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
        at org.apache.derby.jdbc.AutoloadedDriver.connect(Unknown Source)
        at org.apache.derby.impl.drda.Database.makeConnection(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.getConnFromDatabaseName(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.verifyUserIdPassword(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseSECCHK(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseDRDAConnection(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.processCommands(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.run(Unknown Source)
Caused by: java.security.AccessControlException: Access denied (java.io.FilePermission D:\<snip path to database> write)
        at java.security.AccessController.checkPermission(AccessController.java:108)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
        at java.io.File.mkdir(File.java:1167)
        at java.io.File.mkdirs(File.java:1196)
        at org.apache.derby.impl.services.monitor.StorageFactoryService$9.run(Unknown Source)
        at java.security.AccessController.doPrivileged(AccessController.java:251)
        at org.apache.derby.impl.services.monitor.StorageFactoryService.createServiceRoot(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(Unknown Source)


Here is how I am trying to reproduce based on their description:
start with:

java -Djava.security.debug="access:failure" -Dderby.system.home=C:/tmp  
-classpath 
"C:/svn/10.3/jars/sane/derbyclient.jar;C:/svn/10.3/jars/sane/derbytools.jar;C:/svn/10.3/jars/sane/derbynet.jar" 
org.apache.derby.drda.NetworkServerControl start -h <my machine>  -p 1692

and connecting with ij with:
connect 'jdbc:derby://<my machine>:1692/C:\path\to\MYDB;create=true';

but like I said I haven't been able to reproduce so far.

Kathey


Re: Questions about policy file and multiple FilePermission lines

Posted by Kathey Marsden <km...@sbcglobal.net>.
Rick Hillegas wrote:
> Yes. Please see the following description from section 3.3.4 
> (Assigning Permissions) of the Java security spec ( 
> http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc3.html 
> ):
>
> "If multiple entries are matched, then all the permissions given in 
> those entries are granted. In other words, permission assignment is 
> additive."
>
Thanks Rick for the reference. I will start looking into this as a JVM bug.

Kathey


Re: Questions about policy file and multiple FilePermission lines

Posted by Rick Hillegas <Ri...@Sun.COM>.
Hi Kathey,

Some comments inline...

Kathey Marsden wrote:
> I am working with a user that is using the network server default 
> server.policy file and having an interesting problem.  They create 
> their database with an absolute path and *sometimes* they get the 
> permission error below.  When they get the failure and set 
> java.security.debug to access:failure, they see only two or three of 
> the file permissions getting loaded instead of the four that we have 
> in the file for derby.jar.
>
> permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
> permission java.io.FilePermission "<<ALL FILES>>", "read";
> permission java.io.FilePermission "${derby.system.home}","read";  
> permission java.io.FilePermission "${derby.system.home}${/}-", 
> "read,write,delete";
>
> The user rebuilt derby with only the permission java.io.FilePermission 
> "<<ALL FILES>>", "read,write,delete";  FilePermission  in the 
> server.policy file and doesn't see the issue.
>
> I actually  haven't reproduced this issue on my machine with almost 
> the same revision JVM. I see all 4  permissions listed and have no 
> problem creating a database with an absolute path.
> They are using:
> Java(TM) SE Runtime Environment (build pwi3260sr3-20081106_07(SR3))
> IBM J9 VM (build 2.4, J2RE 1.6.0 IBM J9 2.4 Windows XP x86-32 
> jvmwi3260-20081105_25433 (JIT enabled, AOT enabled)
> J9VM - 20081105_025433_lHdSMr
> JIT  - r9_20081031_1330
> GC   - 20081027_AB)
> JCL  - 20081106_01
>
> They start their network server with an ant script.
>
> I wonder how java should handle having  permission
> java.io.FilePermission "<<ALL FILES>>", "read"; and  permission 
> java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
>
> Should the JVM be smart enough to figure out the more liberal one and 
> go with that?  
Yes. Please see the following description from section 3.3.4 (Assigning 
Permissions) of the Java security spec ( 
http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-spec.doc3.html 
):

"If multiple entries are matched, then all the permissions given in 
those entries are granted. In other words, permission assignment is 
additive."

> Do we need to keep all four of these or would just the one suffice?
For the default security file, we only need the most liberal permission. 
For the template security file, we should keep all of the permissions as 
examples of what can/should be customized.

Hope this is useful,
-Rick
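
The additive rule quoted from the Java security spec can be checked directly against the four FilePermission entries discussed in this thread. The following is an added example, not part of the original messages and not Derby code: the class name AdditiveFilePermissions and the database path D:\data\MYDB are constructed for illustration, and derby.system.home is taken as C:/tmp from the repro command. It compares the full set of four entries with a set where the "<<ALL FILES>>" "read,write,delete" entry did not get loaded.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class AdditiveFilePermissions {

    // Mirrors what a policy grant block does: every matched entry is added
    // to one collection, so the result is the union of all entries.
    static Permissions grant(FilePermission... entries) {
        Permissions granted = new Permissions();
        for (FilePermission entry : entries) {
            granted.add(entry);
        }
        return granted;
    }

    public static void main(String[] args) {
        // Assumption: derby.system.home as in the repro command on this page.
        String home = "C:/tmp";

        // The four entries from the default server.policy for derby.jar.
        FilePermission allRwd   = new FilePermission("<<ALL FILES>>", "read,write,delete");
        FilePermission allRead  = new FilePermission("<<ALL FILES>>", "read");
        FilePermission homeRead = new FilePermission(home, "read");
        FilePermission homeTree =
            new FilePermission(home + File.separator + "-", "read,write,delete");

        // Constructed absolute database path outside derby.system.home;
        // File.mkdirs() triggers a "write" check on it.
        Permission needed = new FilePermission("D:\\data\\MYDB", "write");

        // All four entries loaded: the broad and narrow grants are combined.
        Permissions allFour = grant(allRwd, allRead, homeRead, homeTree);

        // Only three entries loaded, with the broad read,write,delete one absent.
        Permissions threeLoaded = grant(allRead, homeRead, homeTree);

        System.out.println("all four entries imply write:  " + allFour.implies(needed));
        System.out.println("three entries imply write:     " + threeLoaded.implies(needed));
    }
}
```

With all four entries the write check on the absolute path is implied; without the broad "read,write,delete" entry it is not, which is the condition behind the AccessControlException in the trace above.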