You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Kristian Waagan (JIRA)" <ji...@apache.org> on 2007/05/10 12:27:15 UTC

[jira] Reopened: (DERBY-2556) Code paths for db restore do not use doPrivileged-calls, causing SecurityException

     [ https://issues.apache.org/jira/browse/DERBY-2556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kristian Waagan reopened DERBY-2556:
------------------------------------


Reopening the issue due to failures in the tinderbox test.

Stack trace with debug/sane information below, and the traces look the same for all failures.

============= begin nested exception, level (1) ===========
java.sql.SQLException: Java exception: 'access denied (java.io.FilePermission extinout/backups/encryptionKeyDBToCreateFrom read): java.security.AccessControlException'.
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
    at java.security.AccessController.checkPermission(AccessController.java:427)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
    at java.io.File.list(File.java:935)
    at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.restoreDataDirectory(BaseDataFileFactory.java:2516)
    at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.boot(BaseDataFileFactory.java:349)
    at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1994)
    at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:291)
    at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:546)
    at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:419)
    at org.apache.derby.impl.store.raw.RawStore.boot(RawStore.java:183)
    at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1994)
    at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:291)
    at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:546)
    at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:419)
    at org.apache.derby.impl.store.access.RAMAccessManager.boot(RAMAccessManager.java:985)
    at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1994)
    at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:291)
    at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:546)
    at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:419)
    at org.apache.derby.impl.db.BasicDatabase.bootStore(BasicDatabase.java:767)
    at org.apache.derby.impl.db.BasicDatabase.boot(BasicDatabase.java:196)
    at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1994)
    at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:291)
    at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(BaseMonitor.java:1829)
    at org.apache.derby.impl.services.monitor.BaseMonitor.startProviderService(BaseMonitor.java:1695)
    at org.apache.derby.impl.services.monitor.BaseMonitor.findProviderAndStartService(BaseMonitor.java:1575)
    at org.apache.derby.impl.services.monitor.BaseMonitor.startPersistentService(BaseMonitor.java:994)
    at org.apache.derby.iapi.services.monitor.Monitor.startPersistentService(Monitor.java:542)
    at org.apache.derby.impl.jdbc.EmbedConnection.bootDatabase(EmbedConnection.java:1796)
    at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:253)
    at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(EmbedConnection30.java:73)
    at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Driver30.java:80)
    at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:209)
    at org.apache.derby.jdbc.EmbeddedDataSource.getConnection(EmbeddedDataSource.java:479)
    at org.apache.derby.jdbc.EmbeddedDataSource.getConnection(EmbeddedDataSource.java:423)
    at org.apache.derbyTesting.functionTests.tests.store.EncryptionKeyTest.getConnection(EncryptionKeyTest.java:580)
    at org.apache.derbyTesting.functionTests.tests.store.EncryptionKeyTest.testCreateDbFromBackup(EncryptionKeyTest.java:279)


> Code paths for db restore do not use doPrivileged-calls, causing SecurityException
> ----------------------------------------------------------------------------------
>
>                 Key: DERBY-2556
>                 URL: https://issues.apache.org/jira/browse/DERBY-2556
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.2.2.0, 10.3.0.0
>         Environment: Derby running with a security manager.
>            Reporter: Kristian Waagan
>         Assigned To: Kathey Marsden
>             Fix For: 10.3.0.0
>
>         Attachments: derby-2556_diff.txt, derby-2556_stat.txt
>
>
> When using 'createFrom' or 'restoreFrom' in the JDBC url to restore a database from a backup image, a SecurityException is thrown even though the policyfile for codebase derby.jar is correctly configured (giving Derby access to the backup image).
> A few comments on this issue can be found here (and in subsequent comments): https://issues.apache.org/jira/browse/DERBY-1001#action_12439811
> A workaround is wrapping the connection call in doPrivileged at the "application-level code", or granting the required permissions to the application codebase as well.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.