You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by Anjana Prakash <an...@actian.com> on 2015/12/15 04:53:43 UTC
applying security policy fails to start network server.
Has anyone faced the below issue before. Attached is the security Policy file I am using.
Appreciate if anyone can help on this.
Anjana.
From: Anjana Prakash
Sent: Monday, December 14, 2015 1:40 AM
To: derby-dev@db.apache.org
Subject: apply security policy fails to start network server.
Hi,
I have a system procedure that perform file i/o hence using derby's option of customizing security policy. However server fails to starts and fails with following error.
dbReloadServer.policy org.apache.derby.drda.NetworkServerControl start;
Sun Dec 13 10:07:16 PST 2015 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.System.setProperty(System.java:783)
at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
I then noticed the above error was handled in issue. http://apache-database.10148.n7.nabble.com/Network-Server-Access-Permissions-and-Java-1-7-0-51-td136583.html
After following the instruction now the issue is
java.security.AccessControlException: access denied org.apache.derby.security.SystemPermission( "engine", "usederbyinternals" )
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at org.apache.derby.iapi.security.SecurityUtil.checkDerbyInternalsPrivilege(Unknown Source)
at org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Unknown Source)
at org.apache.derby.iapi.services.property.PropertyUtil$2.run(Unknown Source)
at org.apache.derby.iapi.services.property.PropertyUtil$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.iapi.services.property.PropertyUtil.getMonitorLite(Unknown Source)
at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.init(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
I am running derby version 10.12.1.1 on JDK 7.
Appreciate if anyone can guide on same.
Thanks,
Anjana.
Re: applying security policy fails to start network server.
Posted by Rick Hillegas <ri...@gmail.com>.
On 12/14/15 7:53 PM, Anjana Prakash wrote:
>
> Has anyone faced the below issue before. Attached is the security
> Policy file I am using.
>
> Appreciate if anyone can help on this.
>
> Anjana.
>
> *From:*Anjana Prakash
> *Sent:* Monday, December 14, 2015 1:40 AM
> *To:* derby-dev@db.apache.org
> *Subject:* apply security policy fails to start network server.
>
> Hi,
>
> I have a system procedure that perform file i/o hence using derby’s
> option of customizing security policy. However server fails to starts
> and fails with following error.
>
> dbReloadServer.policy org.apache.derby.drda.NetworkServerControl start;
>
> Sun Dec 13 10:07:16 PST 2015 : access denied
> ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
> "write")
>
> java.security.AccessControlException: access denied
> ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
> "write")
>
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
>
> at
> java.security.AccessController.checkPermission(AccessController.java:559)
>
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>
> at java.lang.System.setProperty(System.java:783)
>
> at org.apache.derby.drda.NetworkServerControl$1.run(Unknown
> Source)
>
> at org.apache.derby.drda.NetworkServerControl$1.run(Unknown
> Source)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
>
> I then noticed the above error was handled in issue.
> http://apache-database.10148.n7.nabble.com/Network-Server-Access-Permissions-and-Java-1-7-0-51-td136583.html
>
> After following the instruction now the issue is
>
> java.security.AccessControlException: access denied
> org.apache.derby.security.SystemPermission( "engine",
> "usederbyinternals" )
>
> at
> java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
>
> at
> java.security.AccessController.checkPermission(AccessController.java:559)
>
> at
> org.apache.derby.iapi.security.SecurityUtil.checkDerbyInternalsPrivilege(Unknown
> Source)
>
> at
> org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Unknown
> Source)
>
> at
> org.apache.derby.iapi.services.property.PropertyUtil$2.run(Unknown Source)
>
> at
> org.apache.derby.iapi.services.property.PropertyUtil$2.run(Unknown Source)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at
> org.apache.derby.iapi.services.property.PropertyUtil.getMonitorLite(Unknown
> Source)
>
> at
> org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown
> Source)
>
> at
> org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown
> Source)
>
> at
> org.apache.derby.impl.drda.NetworkServerControlImpl.init(Unknown Source)
>
> at
> org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
>
> at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
>
> I am running derby version 10.12.1.1 on JDK 7.
>
> Appreciate if anyone can guide on same.
>
> Thanks,
>
> Anjana.
>
Hi Anjana,
Does your server policy file grant the following permission to derby.jar:
permission org.apache.derby.security.SystemPermission "engine",
"usederbyinternals";
Thanks,
-Rick