You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Dag H. Wanvik (JIRA)" <ji...@apache.org> on 2007/07/23 17:00:34 UTC
[jira] Issue Comment Edited: (DERBY-2963) AccessControlException:
Access denied java.net.SocketPermission accept,resolve
[ https://issues.apache.org/jira/browse/DERBY-2963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12514645 ]
Dag H. Wanvik edited comment on DERBY-2963 at 7/23/07 7:59 AM:
---------------------------------------------------------------
I also see the issue regardless of whether derbyrun.jar is used or not (IPv4,
on Solaris).
It seems the default policy file installed intentionally does *not*
open access to remote clients. I am not sure, but I seem to remember
this being discussed (DERBY-2196) and found to be acceptable? However,
the release notes do not indicate this, which would seem to indicate
it is not the intended behavior, in which case it is a bug, not a
"feature".
Changing this line in server.policy:
permission java.net.SocketPermission "${derby.security.host}", "accept";
to:
permission java.net.SocketPermission "*", "accept";
lets me connect from any host to the interface name given in -h option.
was:
I also see the issue regardless of whether derbyrun.jar is used or not.
It seems the default policy file installed intentionally does *not*
open access to remote clients. I am not sure, but I seem to remember
this being discussed (DERBY-2196) and found to be acceptable? However,
the release notes do not indicate this, which would seem to indicate
it is not the intended behavior, in which case it is a bug, not a
"feature".
Changing this line in server.policy:
permission java.net.SocketPermission "${derby.security.host}", "accept";
to:
permission java.net.SocketPermission "*", "accept";
lets me connect from any host to the interface name given in -h option.
> AccessControlException: Access denied java.net.SocketPermission <client ip> accept,resolve
> ------------------------------------------------------------------------------------------
>
> Key: DERBY-2963
> URL: https://issues.apache.org/jira/browse/DERBY-2963
> Project: Derby
> Issue Type: Bug
> Components: Network Server
> Affects Versions: 10.3.1.2
> Environment: SuseLinux 10
> IBM JVM 1.5
> Reporter: Daniel John Debrunner
> Priority: Blocker
>
> I start the server using an ipv4 address
> java derbyrun.jar server start -h x.x.x.x
> Then I connect from a remote client and hit an AccessControlException
> The ip in the exception is that of the *client*, not the server.
> This setup works in 10.2.2.0.
> Same problem if the hostname is in derby.properties
> Problem can be worked around by using -noSecurityManager when starting the server
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.