You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by Kathey Marsden <km...@sbcglobal.net> on 2007/09/25 18:07:00 UTC
Server tracing not allowed with default security manager policy file
I noticed that server side tracing, setting
derby.drda.traceAll=true
is not allowed with the default network server policy file. Was this an
intentional change in behaviour or is it a bug?
Thanks
Kathey
[C:/kmarsden/repro/DERBY-3085] java TestBlob
Access denied (java.io.FilePermission Server1.trace write)
java.security.AccessControlException: Access denied
(java.io.FilePermission Server1.trace write)
at
java.security.AccessController.checkPermission(AccessController.java:104)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
at java.lang.SecurityManager.checkWrite(SecurityManager.java:977)
at java.io.FileOutputStream.<init>(FileOutputStream.java:195)
at java.io.FileOutputStream.<init>(FileOutputStream.java:96)
at java.io.FileWriter.<init>(FileWriter.java:69)
at
org.apache.derby.impl.drda.DssTrace.startComBufferTrace(DssTrace.java:170)
at org.apache.derby.impl.drda.Session.initTrace(Session.java:137)
at org.apache.derby.impl.drda.Session.initialize(Session.java:257)
at org.apache.derby.impl.drda.Session.<init>(Session.java:94)
at
org.apache.derby.impl.drda.NetworkServerControlImpl.addSession(NetworkServerControlImpl.java:3673)
at org.apache.derby.impl.drda.ClientThread.run(ClientThread.java:80)
Re: Server tracing not allowed with default security manager policy
file
Posted by Rick Hillegas <Ri...@Sun.COM>.
Hi Kathey,
The change was not intentional. Right now, no file permissions are
granted to derbynet.jar. I think you don't want to grant blanket write
permission to derbynet.jar. You should be able to get away with granting
derbynet.jar something narrow like the following:
permission java.io.FilePermission "${derby.drda.traceDirectory}", "write";
However, you will need to make sure that that property is properly
defaulted as described in the Admin Guide. The defaulting needs to
happen before NetworkServerControl installs a security manager.
Regards,
-Rick
Kathey Marsden wrote:
> I noticed that server side tracing, setting
> derby.drda.traceAll=true
> is not allowed with the default network server policy file. Was this
> an intentional change in behaviour or is it a bug?
>
> Thanks
>
> Kathey
>
>
> [C:/kmarsden/repro/DERBY-3085] java TestBlob
> Access denied (java.io.FilePermission Server1.trace write)
> java.security.AccessControlException: Access denied
> (java.io.FilePermission Server1.trace write)
> at
> java.security.AccessController.checkPermission(AccessController.java:104)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
> at java.lang.SecurityManager.checkWrite(SecurityManager.java:977)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:195)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:96)
> at java.io.FileWriter.<init>(FileWriter.java:69)
> at
> org.apache.derby.impl.drda.DssTrace.startComBufferTrace(DssTrace.java:170)
>
> at org.apache.derby.impl.drda.Session.initTrace(Session.java:137)
> at org.apache.derby.impl.drda.Session.initialize(Session.java:257)
> at org.apache.derby.impl.drda.Session.<init>(Session.java:94)
> at
> org.apache.derby.impl.drda.NetworkServerControlImpl.addSession(NetworkServerControlImpl.java:3673)
>
> at
> org.apache.derby.impl.drda.ClientThread.run(ClientThread.java:80)
>
>