You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by my...@apache.org on 2014/01/03 03:18:02 UTC
svn commit: r1554997 - in /db/derby/code/branches/10.10: ./
java/drda/org/apache/derby/drda/ java/drda/org/apache/derby/impl/drda/
java/engine/org/apache/derby/iapi/reference/
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/
java/test...
Author: myrnavl
Date: Fri Jan 3 02:18:01 2014
New Revision: 1554997
URL: http://svn.apache.org/r1554997
Log:
DERBY-6438; Explicitly grant SocketPermission "listen" in default server policy
backport of revision 1553081 from trunk
Modified:
db/derby/code/branches/10.10/ (props changed)
db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java
db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy
db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy
db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Propchange: db/derby/code/branches/10.10/
------------------------------------------------------------------------------
Merged /db/derby/code/trunk:r1553081
Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java (original)
+++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/NetworkServerControl.java Fri Jan 3 02:18:01 2014
@@ -670,6 +670,15 @@ public class NetworkServerControl{
System.setProperty( Property.DERBY_SECURITY_HOST, getHostNameForSocketPermission( server ) );
//
+ // Forcibly set the following property so that it will be correctly
+ // substituted into the default policy file. This is the hostname for
+ // SocketPermissions. This is an internal property which customers
+ // may not override.
+ //
+ System.setProperty(Property.DERBY_SECURITY_PORT,
+ String.valueOf(server.getPort()));
+
+ //
// Forcibly set the following property. This is the parameter in
// the Basic policy which points at the directory where the embedded and
// network codesources. Do not let the customer
Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/server.policy Fri Jan 3 02:18:01 2014
@@ -120,6 +120,13 @@ grant codeBase "${derby.install.url}derb
permission java.net.SocketPermission "*", "accept";
+// Allow the server to listen to the socket on the port specified with the
+// -p option to "NetworkServerControl start" on the command line, or with
+// the portNumber parameter to the NetworkServerControl constructor in the
+// API, or with the property derby.drda.portNumber. The default is 1527.
+ permission java.net.SocketPermission "localhost:${derby.security.port}",
+ "listen";
+
//
// Needed for server tracing.
//
Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/branches/10.10/java/drda/org/apache/derby/drda/template.policy Fri Jan 3 02:18:01 2014
@@ -107,6 +107,14 @@ grant codeBase "${derby.install.url}derb
permission java.net.SocketPermission "*", "accept";
+// Allow the server to listen to the socket on the default port (1527).
+// If you have specified another port number with the -p option to
+// "NetworkServerControl start" on the command line, or with the portNumber
+// parameter to the NetworkServerControl constructor in the API, or with the
+// property derby.drda.portNumber, you should change the port number in the
+// permission statement accordingly.
+ permission java.net.SocketPermission "localhost:1527", "listen";
+
//
// Needed for server tracing.
//
Modified: db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/branches/10.10/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Fri Jan 3 02:18:01 2014
@@ -378,6 +378,14 @@ public final class NetworkServerControlI
public String getHost() { return hostArg; }
/**
+ * Get the port where we listen for connections.
+ * @return the port number
+ */
+ public int getPort() {
+ return portNumber;
+ }
+
+ /**
* Return true if the customer forcibly overrode our decision to install a
* default SecurityManager.
*/
Modified: db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/branches/10.10/java/engine/org/apache/derby/iapi/reference/Property.java Fri Jan 3 02:18:01 2014
@@ -337,7 +337,7 @@ public interface Property {
String DATABASE_PROPERTIES_ONLY = "derby.database.propertiesOnly";
/**
- * Ths property is private to Derby.
+ * This property is private to Derby.
* This property is forcibly set by the Network Server to override
* any values which the user may have set. This property is only used to
* parameterize the Basic security policy used by the Network Server.
@@ -346,7 +346,7 @@ public interface Property {
public static final String DERBY_INSTALL_URL = "derby.install.url";
/**
- * Ths property is private to Derby.
+ * This property is private to Derby.
* This property is forcibly set by the Network Server to override
* any values which the user may have set. This property is only used to
* parameterize the Basic security policy used by the Network Server.
@@ -354,6 +354,15 @@ public interface Property {
**/
public static final String DERBY_SECURITY_HOST = "derby.security.host";
+ /**
+ * This property is private to Derby.
+ * This property is forcibly set by the Network Server to override
+ * any values which the user may have set. This property is only used to
+ * parameterize the Basic security policy used by the Network Server.
+ * This property is the port number which the server listens to.
+ */
+ public static final String DERBY_SECURITY_PORT = "derby.security.port";
+
/*
** derby.storage.*
*/
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy Fri Jan 3 02:18:01 2014
@@ -103,8 +103,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -187,6 +188,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -213,7 +217,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy Fri Jan 3 02:18:01 2014
@@ -99,8 +99,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -178,6 +179,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -201,7 +205,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy Fri Jan 3 02:18:01 2014
@@ -142,10 +142,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
// Needed for NetworkServerMBean access (see JMX section above)
@@ -244,6 +246,9 @@ grant codeBase "${derbyTesting.testjar}d
permission org.apache.derby.security.SystemPermission "jmx", "control";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -271,7 +276,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy Fri Jan 3 02:18:01 2014
@@ -107,8 +107,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -191,6 +192,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -217,7 +221,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy Fri Jan 3 02:18:01 2014
@@ -137,10 +137,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
// Needed for NetworkServerMBean access (see JMX section above)
@@ -245,6 +247,9 @@ grant codeBase "${derbyTesting.testjar}d
//client side: test execs another jvm with relative path
permission java.io.FilePermission "<<ALL FILES>>", "execute";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -276,7 +281,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy Fri Jan 3 02:18:01 2014
@@ -128,8 +128,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -225,6 +226,9 @@ grant codeBase "${derbyTesting.testjar}d
// resolve is needed to run ldap related tests
permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -245,7 +249,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy Fri Jan 3 02:18:01 2014
@@ -24,6 +24,6 @@
// permissions granted to the test framework.
//
grant codeBase "${derbyTesting.codejar}derby.jar" {
- permission java.net.SocketPermission "127.0.0.1", "connect,resolve,accept";
- permission java.net.SocketPermission "localhost", "connect,resolve,accept";
+ permission java.net.SocketPermission "127.0.0.1", "connect,accept,listen";
+ permission java.net.SocketPermission "localhost", "connect,accept,listen";
};
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy Fri Jan 3 02:18:01 2014
@@ -140,10 +140,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace", "write";
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
@@ -246,6 +248,9 @@ grant codeBase "${derbyTesting.testjar}d
permission org.apache.derby.security.SystemPermission "jmx", "control";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -273,7 +278,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=1554997&r1=1554996&r2=1554997&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Fri Jan 3 02:18:01 2014
@@ -153,10 +153,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write";
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write";
@@ -288,6 +290,9 @@ grant codeBase "${derbyTesting.testjar}d
// Needed by FileUtil#limitAccessToOwner
permission java.lang.RuntimePermission "accessUserInformation";
permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -315,7 +320,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";