[
https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13909961#comment-13909961
]
Daniel Stocker commented on DERBY-6438:
---------------------------------------
Environment:
OS: Windows 7 Pro SP1
JAVA: java version "1.7.0_51", Java(TM) SE Runtime Environment (build
1.7.0_51-b13),Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
DERBY: 10.10.1.1 (April 15, 2013 / SVN 1458268)
Hi, I'm experiencing the issue described here:
C:\derby\db-derby-10.10.1.1-bin\bin>startNetworkServer
Mon Feb 24 13:06:16 NZDT 2014 : Security manager installed using the Basic
server security policy.
Mon Feb 24 13:06:19 NZDT 2014 : access denied ("java.net.SocketPermission"
"localhost:1527" "listen,resolve")
<snip>
I've tried working around the issue by using the methods described, but get the
same issue as others previously described:
C:\derby\db-derby-10.10.1.1-bin\bin>java -Djava.security.manager
-Djava.security.policy=c:/derby/db-derby-10.10.1.1-bin/bin/1010_server.policy
-Dderby.security.port=1527
-Dderby.install.url=file:///c:/derby/db-derby-10.10.1.1-bin
org.apache.derby.drda.NetworkServerControl start
Mon Feb 24 13:10:39 NZDT 2014 : access denied ("java.util.PropertyPermission"
"derby.__serverStartedFromCmdLine" "write")
java.security.AccessControlException: access denied
("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
<snip>
I tried both the earliest (17/Jan/14 18:05) and latest policy file (22/Jan/14
14:24).
I also tried 1, 2 and 3 slashes after file: under derby.install.url parameter.
I also tried including and excluding the trailing slash at the end of
derby.install.url parameter.
I also tried: java -Djava.security.manager
-Djava.security.policy=c:/derby/db-derby-10.10.1.1-bin/bin/1010_server.policy
-Dderby.security.port=1527
-Dderby.install.url=file:///c:/derby/db-derby-10.10.1.1-bin -jar derbyrun.jar
server start
However I get the same error for all variations and am unable to get the
network server running.
I notice there are a couple of other variables inside the policy file
(derby.system.home and derby.drda.traceDirectory), do I have to provide
parameters for those also?
As this is a local dev environment, perhaps the solution is to install an old
version of Java SDK? In this case, which would be suitable?
Any help would be very much appreciated :)
> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
> Key: DERBY-6438
> URL: https://issues.apache.org/jira/browse/DERBY-6438
> Project: Derby
> Issue Type: Improvement
> Components: Network Server
> Affects Versions: 10.11.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2,
> 10.10.1.4, 10.11.0.0
>
> Attachments: 1010_server.policy, 1010_server.policy,
> 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html,
> releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it
> listens to, but this permission is not granted by the basic server policy
> that's installed by default. This doesn't cause any problems in most cases,
> since the JVM's default policy grants all code bases SocketPermission
> "listen" on a range of ports, and Derby's network server port is within that
> range.
> Still, the network server should not rely on this fact. It is possible to run
> the network server on any port, not only those ports that happen be in the
> range that's given carte blanche by the platform's default policy. The
> network server will however not be able to run on those ports with the basic
> policy currently, only with a custom policy or with the security manager
> disabled.
> The default policy should make this permission explicit.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
