You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ka...@apache.org on 2013/12/23 08:07:46 UTC
svn commit: r1553081 - in /db/derby/code/trunk/java:
drda/org/apache/derby/drda/ drda/org/apache/derby/impl/drda/
engine/org/apache/derby/iapi/reference/
testing/org/apache/derbyTesting/functionTests/tests/derbynet/
testing/org/apache/derbyTesting/func...
Author: kahatlen
Date: Mon Dec 23 07:07:45 2013
New Revision: 1553081
URL: http://svn.apache.org/r1553081
Log:
DERBY-6438: Explicitly grant SocketPermission "listen" in default server policy
Modified:
db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/NetworkServerControl.java Mon Dec 23 07:07:45 2013
@@ -672,6 +672,15 @@ public class NetworkServerControl{
System.setProperty( Property.DERBY_SECURITY_HOST, getHostNameForSocketPermission( server ) );
//
+ // Forcibly set the following property so that it will be correctly
+ // substituted into the default policy file. This is the hostname for
+ // SocketPermissions. This is an internal property which customers
+ // may not override.
+ //
+ System.setProperty(Property.DERBY_SECURITY_PORT,
+ String.valueOf(server.getPort()));
+
+ //
// Forcibly set the following property. This is the parameter in
// the Basic policy which points at the directory where the embedded and
// network codesources. Do not let the customer
Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Mon Dec 23 07:07:45 2013
@@ -119,6 +119,13 @@ grant codeBase "${derby.install.url}derb
//
permission java.net.SocketPermission "*", "accept";
+ // Allow the server to listen to the socket on the port specified with the
+ // -p option to "NetworkServerControl start" on the command line, or with
+ // the portNumber parameter to the NetworkServerControl constructor in the
+ // API, or with the property derby.drda.portNumber. The default is 1527.
+ permission java.net.SocketPermission "localhost:${derby.security.port}",
+ "listen";
+
// Needed for server tracing.
//
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Mon Dec 23 07:07:45 2013
@@ -106,6 +106,14 @@ grant codeBase "${derby.install.url}derb
// e.g. "*.example.com".
permission java.net.SocketPermission "*", "accept";
+ // Allow the server to listen to the socket on the default port (1527).
+ // If you have specified another port number with the -p option to
+ // "NetworkServerControl start" on the command line, or with the portNumber
+ // parameter to the NetworkServerControl constructor in the API, or with the
+ // property derby.drda.portNumber, you should change the port number in the
+ // permission statement accordingly.
+ permission java.net.SocketPermission "localhost:1527", "listen";
+
// Needed for server tracing.
//
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java Mon Dec 23 07:07:45 2013
@@ -381,6 +381,14 @@ public final class NetworkServerControlI
public String getHost() { return hostArg; }
/**
+ * Get the port where we listen for connections.
+ * @return the port number
+ */
+ public int getPort() {
+ return portNumber;
+ }
+
+ /**
* Return true if the customer forcibly overrode our decision to install a
* default SecurityManager.
*/
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/reference/Property.java Mon Dec 23 07:07:45 2013
@@ -409,7 +409,7 @@ public interface Property {
String DATABASE_PROPERTIES_ONLY = "derby.database.propertiesOnly";
/**
- * Ths property is private to Derby.
+ * This property is private to Derby.
* This property is forcibly set by the Network Server to override
* any values which the user may have set. This property is only used to
* parameterize the Basic security policy used by the Network Server.
@@ -418,7 +418,7 @@ public interface Property {
public static final String DERBY_INSTALL_URL = "derby.install.url";
/**
- * Ths property is private to Derby.
+ * This property is private to Derby.
* This property is forcibly set by the Network Server to override
* any values which the user may have set. This property is only used to
* parameterize the Basic security policy used by the Network Server.
@@ -426,6 +426,15 @@ public interface Property {
**/
public static final String DERBY_SECURITY_HOST = "derby.security.host";
+ /**
+ * This property is private to Derby.
+ * This property is forcibly set by the Network Server to override
+ * any values which the user may have set. This property is only used to
+ * parameterize the Basic security policy used by the Network Server.
+ * This property is the port number which the server listens to.
+ */
+ public static final String DERBY_SECURITY_PORT = "derby.security.port";
+
/*
** derby.storage.*
*/
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy Mon Dec 23 07:07:45 2013
@@ -103,8 +103,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -189,6 +190,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -217,7 +221,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy Mon Dec 23 07:07:45 2013
@@ -99,8 +99,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -180,6 +181,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -205,7 +209,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy Mon Dec 23 07:07:45 2013
@@ -142,10 +142,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
// Needed for NetworkServerMBean access (see JMX section above)
@@ -244,6 +246,9 @@ grant codeBase "${derbyTesting.testjar}d
permission org.apache.derby.security.SystemPermission "jmx", "control";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -271,7 +276,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy Mon Dec 23 07:07:45 2013
@@ -107,8 +107,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -193,6 +194,9 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
permission java.lang.RuntimePermission "setIO";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -221,7 +225,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy Mon Dec 23 07:07:45 2013
@@ -137,10 +137,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
// Needed for NetworkServerMBean access (see JMX section above)
@@ -247,6 +249,9 @@ grant codeBase "${derbyTesting.testjar}d
// DERBY-6295: Also grant read permission so that detailed error
// message is shown.
permission java.io.FilePermission "${java.home}${/}-", "execute, read";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -278,7 +283,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy Mon Dec 23 07:07:45 2013
@@ -128,8 +128,9 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
@@ -225,6 +226,9 @@ grant codeBase "${derbyTesting.testjar}d
// resolve is needed to run ldap related tests
permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -245,7 +249,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy Mon Dec 23 07:07:45 2013
@@ -24,6 +24,6 @@
// permissions granted to the test framework.
//
grant codeBase "${derbyTesting.codejar}derby.jar" {
- permission java.net.SocketPermission "127.0.0.1", "connect,resolve,accept";
- permission java.net.SocketPermission "localhost", "connect,resolve,accept";
+ permission java.net.SocketPermission "127.0.0.1", "connect,accept,listen";
+ permission java.net.SocketPermission "localhost", "connect,accept,listen";
};
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy Mon Dec 23 07:07:45 2013
@@ -140,10 +140,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace", "write";
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write";
@@ -246,6 +248,9 @@ grant codeBase "${derbyTesting.testjar}d
permission org.apache.derby.security.SystemPermission "jmx", "control";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -273,7 +278,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=1553081&r1=1553080&r2=1553081&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy Mon Dec 23 07:07:45 2013
@@ -153,10 +153,12 @@ grant codeBase "${derbyTesting.codejar}d
// accept is needed for the server accepting connections
// connect is needed for ping command (which is in the server jar)
+ // listen is needed for the server listening on the network port
permission java.net.SocketPermission "127.0.0.1", "accept,connect";
- permission java.net.SocketPermission "localhost", "accept,connect";
+ permission java.net.SocketPermission "localhost", "accept,connect,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
+
// Need to be able to write to trace file for NetworkServerControlApiTest
permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write";
permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write";
@@ -289,6 +291,9 @@ grant codeBase "${derbyTesting.testjar}d
// Needed by FileUtil#limitAccessToOwner
permission java.lang.RuntimePermission "accessUserInformation";
permission java.lang.RuntimePermission "getFileStoreAttributes";
+
+ // Needed by NetworkServerTestSetup when probing ports.
+ permission java.net.SocketPermission "localhost", "listen";
};
//
@@ -316,7 +321,7 @@ grant codeBase "${derbyTesting.codeclass
// combination of client and server side.
permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
+ permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";