[jira] [Commented] (DERBY-6680) All jar files need to be granted permission to read derby.ui.* properties

Mon, 18 Aug 2014 10:50:51 -0700 

    [ 
https://issues.apache.org/jira/browse/DERBY-6680?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14100934#comment-14100934
 ] 

Dag H. Wanvik commented on DERBY-6680:
--------------------------------------

Using my default classpath, or starting via java -jar I don't see this issue, 
because LocalizedResource is taken from derby.jar, which does have an entry 
which covers these properties. However, if the client jar is ahead in the 
classpath, I do see this issue *iff* I use an explicit policy specified on the 
command line, e.g like this:
{code}
java -Dderby.install.url=file:jars/sane/ -Djava.security.debug=access:failure 
-Djava.security.manager 
-Djava.security.policy=java/drda/org/apache/derby/drda/server.policy  
-Dderby.ui.locale=nb_NO.UTF-8 org.apache.derby.drda.NetworkServerControl start
{code}
The reason it happens only with an explicit mention is that the reading of the 
properties "normally" happens before we have started running with the security 
manager.

I'm not sure our provided server policy is intended to be used this way, 
though. Do we anywhere state it can be used on the command line unmodified? 
Because it can't: I had to tweak it to even get this far, it was missing more 
permissions than the "derby.ui.*" permissions to be usable in this way. The 
user who saw this issue had his own policy, btw.

The template would benefit from it in any case, though.

> All jar files need to be granted permission to read derby.ui.* properties
> -------------------------------------------------------------------------
>
>                 Key: DERBY-6680
>                 URL: https://issues.apache.org/jira/browse/DERBY-6680
>             Project: Derby
>          Issue Type: Bug
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>
> The following properties may be read by LocalizedResource, a class which is 
> included in derby.jar, derbynet.jar, derbyclient.jar, and derbytools.jar:
> {noformat}
> derby.ui.codeset
> derby.ui.locale
> {noformat}
> A user has tripped across this problem in production. With the user's 
> language settings, the network server fails to come up because the server 
> policy file does not grant the server permission to read these properties. 
> See 
> http://apache-database.10148.n7.nabble.com/Hellow-I-have-some-problem-in-customize-security-policy-with-derby-modified-3-td141002.html
> We should adjust server.policy and template.policy accordingly.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to