Quoting SocketPermission API:
"The "resolve" action is implied when any of the other actions are
present. The action "resolve" refers to host/ip name service lookups."
Based on that I didn't include resolve. And as it wasn't necessary in my
case to perform a lookup, I didn't get a security exception. The
question that comes to my mind now is what address will derby try to
reach in order to perform said lookup. Most likely the dns server ips
declared in the host derby runs. So, such addresses should be included
in the server.policy file as well.
Anyway, granting "connect, resolve" is a more complete solution.
Cheers,
Andreas
Myrna van Lunteren wrote:
I agree with Rick that this should get documented.
Perhaps, Andreas, you could log this issue as a documentation
improvement in JIRA?
Also, I wondered - in some recent testing I found that 'connect'
permission was not sufficient, I needed "connect, resolve" to the
ldapServer. Has that been your experience too?
Regards,
Myrna