[
https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-6438:
---------------------------------
Attachment: 1010_server.policy
Attaching another version of 1010_server.policy. I found that the previous
version allowed me to boot the server and create on-disk databases using Derby
10.10.1.1. However, when I tried to bring down the server like this...
java org.apache.derby.drda.NetworkServerControl shutdown -p 8246 -user
\"rick\" -password rickspassword
...the server crashed with this error...
java.security.AccessControlException: access denied ("java.sql.SQLPermission"
"deregisterDriver")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.sql.DriverManager.deregisterDriver(DriverManager.java:402)
at
org.apache.derby.jdbc.AutoloadedDriver.unregisterDriverModule(Unknown Source)
at org.apache.derby.jdbc.Driver20.stop(Unknown Source)
at org.apache.derby.impl.services.monitor.TopService.stop(Unknown
Source)
at org.apache.derby.impl.services.monitor.TopService.shutdown(Unknown
Source)
at org.apache.derby.impl.services.monitor.BaseMonitor.shutdown(Unknown
Source)
at org.apache.derby.impl.services.monitor.BaseMonitor.shutdown(Unknown
Source)
at org.apache.derby.jdbc.InternalDriver.connect(Unknown Source)
at org.apache.derby.jdbc.Driver20.connect(Unknown Source)
at org.apache.derby.jdbc.EmbeddedDriver.connect(Unknown Source)
at
org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(Unknown
Source)
at
org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(Unknown Source)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
The "deregisterDriver" permission is needed if you are running on JDK 8. The
new version of 1010_server.policy adds the following permission to the derby
engine and the derby server. With this extra permission, the 10.10.1.1 server
comes down gracefully on JDK 8...
permission java.sql.SQLPermission "deregisterDriver";
> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
> Key: DERBY-6438
> URL: https://issues.apache.org/jira/browse/DERBY-6438
> Project: Derby
> Issue Type: Improvement
> Components: Network Server
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2,
> 10.10.1.4, 10.11.0.0
>
> Attachments: 1010_server.policy, 1010_server.policy,
> 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html,
> releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it
> listens to, but this permission is not granted by the basic server policy
> that's installed by default. This doesn't cause any problems in most cases,
> since the JVM's default policy grants all code bases SocketPermission
> "listen" on a range of ports, and Derby's network server port is within that
> range.
> Still, the network server should not rely on this fact. It is possible to run
> the network server on any port, not only those ports that happen be in the
> range that's given carte blanche by the platform's default policy. The
> network server will however not be able to run on those ports with the basic
> policy currently, only with a custom policy or with the security manager
> disabled.
> The default policy should make this permission explicit.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
