Re: Network server with different java (or derby) version between client and server
Some responses inline...
On 12/1/22 4:15 AM, fed wrote:
Hi,
As you suggested, the issue is the security manager, to be honest I am used
to java security manager, I read and tested a bit to understand how it
works.
My initial setup was server service in a dir, let’s say /dir1 and database
in another dir let’s say /dir2 so the dirs are distinct to each other.
Considering version 10.15.2.0 running the server without security manager
works:
java -jar derbyrun.jar server -noSecurityManager start
but reading from documentation I know it is not recommended and advisable
so I want to use the security manager.
So then I put my db dir inside the lib dir where derbyrun.jar and other
jars are, so something like lib/db/mydb and running it with
java -jar derbyrun.jar server start
and I can access the db even using relative path on jdbc url, db/mydb.
I am not used to derby in server mode, I read the documentation but sorry
it’s not all clear to me how to use it.
So from my test I suppose the recommended setup is to create a db dir
inside lib and put all the dbs inside it ? lib/db/db1, lib/db/db2 etc ?
right?
Typically, people separate code-bearing directories from data-bearing
directories. This makes it easier to upgrade to a new version of Derby
since the database is not located with the old version of Derby code.
Something like the following:
/Users/me/derbyInstallation/
/Users/me/derbyInstallation/derbyVersions/10.15.2.0
/Users/me/derbyInstallation/derbyHome
/Users/me/derbyInstallation/derbyHome/db1
/Users/me/derbyInstallation/derbyHome/db2
Just as note I tested again with 10.12.1.1 and I found that forcing the
security policy with the server template one (I suppose the default
behaviour is changed with the newer version) it behaves the same like
10.15.2.0, I used:
java
-Djava.security.policy=/tmp/db-derby-10.12.1.1-bin/demo/templates/server.policy
-jar derbyrun server start
Note that the supplied policies are just templates. You need to edit
them in order to use them. See
https://db.apache.org/derby/docs/10.15/security/csecjavasecurity.html
That is, at a minimum, you need to copy the template server policy (for
10.15.2.0 it's demo/templates/serverTemplate.policy) to some other
location and edit lines like the following...
grant codeBase "${derby.install.url}derbyshared.jar"
...replacing the ${derby.install.url} symbol with the url handle of your
Derby code library (file:///Users/me/derbyInstallation/10.15.2.0/) so
that the lines look like this:
grant codeBase"file:///Users/me/derbyInstallation/10.15.2.0/derbyshared.jar"
Hope this helps,
-Rick
Thanks for the help.
On Fri, 25 Nov 2022 at 21:02, Rick Hillegas wrote:
Check that your 10.15 classpath is correct. You need a couple more jar
files compared to previous releases. Your 10.15 server classpath must
contain the following jars:
derby.jar
derbyshared.jar
derbytools.jar
derbynet.jar
See
https://db.apache.org/derby/docs/10.15/adminguide/tadminappschangingyourclasspath.html
and
https://db.apache.org/derby/docs/10.15/publishedapi/org.apache.derby.server/module-summary.html
On 11/25/22 9:51 AM, Rick Hillegas wrote:
This indicates that the server is running with a Java SecurityManager
and that the policy file does not grant read permission on that
file--and probably all files in the database directory.
On 11/25/22 12:30 AM, fed wrote:
Hi,
testing with 10.15.2.0 from derby.log, server side, it complains about a
read permission on service.properties, some part of the file:
java.sql.SQLException: Impossibile avviare il database
'/home/user/db/' con
il caricatore di classi
jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
dettagli,
vedere l'eccezione successiva.
...
Caused by: java.security.AccessControlException: access denied
("java.io.FilePermission" "/home/user/db/service.properties" "read")
...
ERROR XBM0C: Privilegio mancante per l'operazione 'exists' sul file
'service.properties': access denied ("java.io.FilePermission"
"/home/user/db/service.properties" "read")
There are several errors like these ones but I have read permission
on this
file.
The user that starts the server is the same that owns the file, the
permissions on the file are 664.
As I said, same setup but using 10.12.1.1 for the server, I have no
problems.
Best Regards
-fed
On Thu, 24 Nov 2022 at 19:52, Rick Hillegas
wrote:
The SQLState indicates that the server was not able to boot the
database. Look in the server-side derby.log to see if there is a
detailed error message describing why the boot failed.
On 11/23/22 4:42 PM, fed wrote:
Hi,
Sorry for the late answer but I lost your reply.
Two tests:
I have a database updated to version 10.12.1.1, the server is running
with
the 10.12.1.1 too and the client is using 10.12.1.1 too, the
connection
is
OK, I can use this setup.
But another test:
still the same database updated to version 10.12.1.1, the server is
running
10.15.2.0 so a newer version and the
Re: Network server with different java (or derby) version between client and server
For more background on what is meant by "If user authentication is
enabled", look here:
https://db.apache.org/derby/docs/10.15/security/cseccsecure42374.html
bryan
On Thu, Dec 1, 2022 at 6:24 AM fed wrote:
>
> Another thing I don't understand is about shutdown, from the documentation,
> adminguide, it says:
>
> https://db.apache.org/derby/docs/10.15/adminguide/tadminconfigshuttingdownthenetworkserver.html
>
> "Important: If user authentication is enabled, you must specify a valid Derby
> user name and password; if the user authentication check fails, you'll see an
> authentication error and the running server remains intact. Note that Derby
> does not yet restrict the shutdown privilege to specific users: the server
> can be shut down by any user on the server machine who presents valid
> credentials."
>
> Which username and password ?
>
> from a single network server running I can access multiple databases, right?
> Considering jdbc url I can access them in this way I suppose for example:
> `jdbc:derby://localhost:1527/db/db1`
> `jdbc:derby://localhost:1527/db/db2
> ... etc`
>
> if every one of them will have their own user/password (I am using NATIVE
> authentication) so what password has to be specified on shutdown ?
>
> And testing it seems I can shutdown it even without providing any
> user/password.
>
> Thanks for the help.
>
>
>
>
>
> On Thu, 1 Dec 2022 at 13:15, fed wrote:
>>
>> Hi,
>>
>> As you suggested, the issue is the security manager, to be honest I am used
>> to java security manager, I read and tested a bit to understand how it works.
>> My initial setup was server service in a dir, let’s say /dir1 and database
>> in another dir let’s say /dir2 so the dirs are distinct to each other.
>>
>> Considering version 10.15.2.0 running the server without security manager
>> works:
>>
>> java -jar derbyrun.jar server -noSecurityManager start
>>
>> but reading from documentation I know it is not recommended and advisable so
>> I want to use the security manager.
>>
>> So then I put my db dir inside the lib dir where derbyrun.jar and other jars
>> are, so something like lib/db/mydb and running it with
>> java -jar derbyrun.jar server start
>> and I can access the db even using relative path on jdbc url, db/mydb.
>>
>> I am not used to derby in server mode, I read the documentation but sorry
>> it’s not all clear to me how to use it.
>> So from my test I suppose the recommended setup is to create a db dir inside
>> lib and put all the dbs inside it ? lib/db/db1, lib/db/db2 etc ? right?
>>
>> Just as note I tested again with 10.12.1.1 and I found that forcing the
>> security policy with the server template one (I suppose the default
>> behaviour is changed with the newer version) it behaves the same like
>> 10.15.2.0, I used:
>> java
>> -Djava.security.policy=/tmp/db-derby-10.12.1.1-bin/demo/templates/server.policy
>> -jar derbyrun server start
>>
>> Thanks for the help.
>>
>>
>> On Fri, 25 Nov 2022 at 21:02, Rick Hillegas wrote:
>>>
>>> Check that your 10.15 classpath is correct. You need a couple more jar
>>> files compared to previous releases. Your 10.15 server classpath must
>>> contain the following jars:
>>>
>>>derby.jar
>>>derbyshared.jar
>>>derbytools.jar
>>>derbynet.jar
>>>
>>> See
>>> https://db.apache.org/derby/docs/10.15/adminguide/tadminappschangingyourclasspath.html
>>> and
>>> https://db.apache.org/derby/docs/10.15/publishedapi/org.apache.derby.server/module-summary.html
>>>
>>>
>>> On 11/25/22 9:51 AM, Rick Hillegas wrote:
>>> > This indicates that the server is running with a Java SecurityManager
>>> > and that the policy file does not grant read permission on that
>>> > file--and probably all files in the database directory.
>>> >
>>> > On 11/25/22 12:30 AM, fed wrote:
>>> >> Hi,
>>> >>
>>> >> testing with 10.15.2.0 from derby.log, server side, it complains about a
>>> >> read permission on service.properties, some part of the file:
>>> >>
>>> >> java.sql.SQLException: Impossibile avviare il database
>>> >> '/home/user/db/' con
>>> >> il caricatore di classi
>>> >> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
>>> >> dettagli,
>>> >> vedere l'eccezione successiva.
>>> >> ...
>>> >> Caused by: java.security.AccessControlException: access denied
>>> >> ("java.io.FilePermission" "/home/user/db/service.properties" "read")
>>> >> ...
>>> >> ERROR XBM0C: Privilegio mancante per l'operazione 'exists' sul file
>>> >> 'service.properties': access denied ("java.io.FilePermission"
>>> >> "/home/user/db/service.properties" "read")
>>> >>
>>> >>
>>> >> There are several errors like these ones but I have read permission
>>> >> on this
>>> >> file.
>>> >> The user that starts the server is the same that owns the file, the
>>> >> permissions on the file are 664.
>>> >>
>>> >> As I said, same setup but using 10.12.1.1 for the server, I have no
>>> >> problems.
>>> >>
>>> >> Best Regards
>>> >> -fed
>>> >>
>>> >> On Thu, 24 Nov 2022 at 19:52,
Re: Network server with different java (or derby) version between client and server
Another thing I don't understand is about shutdown, from the documentation,
adminguide, it says:
https://db.apache.org/derby/docs/10.15/adminguide/tadminconfigshuttingdownthenetworkserver.html
"Important: If user authentication is enabled, you must specify a valid
Derby user name and password; if the user authentication check fails,
you'll see an authentication error and the running server remains intact.
Note that Derby does not yet restrict the shutdown privilege to specific
users: the server can be shut down by any user on the server machine who
presents valid credentials."
Which username and password ?
from a single network server running I can access multiple databases,
right?
Considering jdbc url I can access them in this way I suppose for example:
`jdbc:derby://localhost:1527/db/db1`
`jdbc:derby://localhost:1527/db/db2
... etc`
if every one of them will have their own user/password (I am using NATIVE
authentication) so what password has to be specified on shutdown ?
And testing it seems I can shutdown it even without providing any
user/password.
Thanks for the help.
On Thu, 1 Dec 2022 at 13:15, fed wrote:
> Hi,
>
> As you suggested, the issue is the security manager, to be honest I am
> used to java security manager, I read and tested a bit to understand how it
> works.
> My initial setup was server service in a dir, let’s say /dir1 and database
> in another dir let’s say /dir2 so the dirs are distinct to each other.
>
> Considering version 10.15.2.0 running the server without security manager
> works:
>
> java -jar derbyrun.jar server -noSecurityManager start
>
> but reading from documentation I know it is not recommended and advisable
> so I want to use the security manager.
>
> So then I put my db dir inside the lib dir where derbyrun.jar and other
> jars are, so something like lib/db/mydb and running it with
> java -jar derbyrun.jar server start
> and I can access the db even using relative path on jdbc url, db/mydb.
>
> I am not used to derby in server mode, I read the documentation but sorry
> it’s not all clear to me how to use it.
> So from my test I suppose the recommended setup is to create a db dir
> inside lib and put all the dbs inside it ? lib/db/db1, lib/db/db2 etc ?
> right?
>
> Just as note I tested again with 10.12.1.1 and I found that forcing the
> security policy with the server template one (I suppose the default
> behaviour is changed with the newer version) it behaves the same like
> 10.15.2.0, I used:
> java
> -Djava.security.policy=/tmp/db-derby-10.12.1.1-bin/demo/templates/server.policy
> -jar derbyrun server start
>
> Thanks for the help.
>
> On Fri, 25 Nov 2022 at 21:02, Rick Hillegas
> wrote:
>
>> Check that your 10.15 classpath is correct. You need a couple more jar
>> files compared to previous releases. Your 10.15 server classpath must
>> contain the following jars:
>>
>>derby.jar
>>derbyshared.jar
>>derbytools.jar
>>derbynet.jar
>>
>> See
>>
>> https://db.apache.org/derby/docs/10.15/adminguide/tadminappschangingyourclasspath.html
>> and
>>
>> https://db.apache.org/derby/docs/10.15/publishedapi/org.apache.derby.server/module-summary.html
>>
>>
>> On 11/25/22 9:51 AM, Rick Hillegas wrote:
>> > This indicates that the server is running with a Java SecurityManager
>> > and that the policy file does not grant read permission on that
>> > file--and probably all files in the database directory.
>> >
>> > On 11/25/22 12:30 AM, fed wrote:
>> >> Hi,
>> >>
>> >> testing with 10.15.2.0 from derby.log, server side, it complains about
>> a
>> >> read permission on service.properties, some part of the file:
>> >>
>> >> java.sql.SQLException: Impossibile avviare il database
>> >> '/home/user/db/' con
>> >> il caricatore di classi
>> >> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
>> >> dettagli,
>> >> vedere l'eccezione successiva.
>> >> ...
>> >> Caused by: java.security.AccessControlException: access denied
>> >> ("java.io.FilePermission" "/home/user/db/service.properties" "read")
>> >> ...
>> >> ERROR XBM0C: Privilegio mancante per l'operazione 'exists' sul file
>> >> 'service.properties': access denied ("java.io.FilePermission"
>> >> "/home/user/db/service.properties" "read")
>> >>
>> >>
>> >> There are several errors like these ones but I have read permission
>> >> on this
>> >> file.
>> >> The user that starts the server is the same that owns the file, the
>> >> permissions on the file are 664.
>> >>
>> >> As I said, same setup but using 10.12.1.1 for the server, I have no
>> >> problems.
>> >>
>> >> Best Regards
>> >> -fed
>> >>
>> >> On Thu, 24 Nov 2022 at 19:52, Rick Hillegas
>> >> wrote:
>> >>
>> >>> The SQLState indicates that the server was not able to boot the
>> >>> database. Look in the server-side derby.log to see if there is a
>> >>> detailed error message describing why the boot failed.
>> >>>
>> >>> On 11/23/22 4:42 PM, fed wrote:
>> Hi,
>>
>> Sorry for the late answer but I lost your reply.
>>
Re: Network server with different java (or derby) version between client and server
Hi,
As you suggested, the issue is the security manager, to be honest I am used
to java security manager, I read and tested a bit to understand how it
works.
My initial setup was server service in a dir, let’s say /dir1 and database
in another dir let’s say /dir2 so the dirs are distinct to each other.
Considering version 10.15.2.0 running the server without security manager
works:
java -jar derbyrun.jar server -noSecurityManager start
but reading from documentation I know it is not recommended and advisable
so I want to use the security manager.
So then I put my db dir inside the lib dir where derbyrun.jar and other
jars are, so something like lib/db/mydb and running it with
java -jar derbyrun.jar server start
and I can access the db even using relative path on jdbc url, db/mydb.
I am not used to derby in server mode, I read the documentation but sorry
it’s not all clear to me how to use it.
So from my test I suppose the recommended setup is to create a db dir
inside lib and put all the dbs inside it ? lib/db/db1, lib/db/db2 etc ?
right?
Just as note I tested again with 10.12.1.1 and I found that forcing the
security policy with the server template one (I suppose the default
behaviour is changed with the newer version) it behaves the same like
10.15.2.0, I used:
java
-Djava.security.policy=/tmp/db-derby-10.12.1.1-bin/demo/templates/server.policy
-jar derbyrun server start
Thanks for the help.
On Fri, 25 Nov 2022 at 21:02, Rick Hillegas wrote:
> Check that your 10.15 classpath is correct. You need a couple more jar
> files compared to previous releases. Your 10.15 server classpath must
> contain the following jars:
>
>derby.jar
>derbyshared.jar
>derbytools.jar
>derbynet.jar
>
> See
>
> https://db.apache.org/derby/docs/10.15/adminguide/tadminappschangingyourclasspath.html
> and
>
> https://db.apache.org/derby/docs/10.15/publishedapi/org.apache.derby.server/module-summary.html
>
>
> On 11/25/22 9:51 AM, Rick Hillegas wrote:
> > This indicates that the server is running with a Java SecurityManager
> > and that the policy file does not grant read permission on that
> > file--and probably all files in the database directory.
> >
> > On 11/25/22 12:30 AM, fed wrote:
> >> Hi,
> >>
> >> testing with 10.15.2.0 from derby.log, server side, it complains about a
> >> read permission on service.properties, some part of the file:
> >>
> >> java.sql.SQLException: Impossibile avviare il database
> >> '/home/user/db/' con
> >> il caricatore di classi
> >> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
> >> dettagli,
> >> vedere l'eccezione successiva.
> >> ...
> >> Caused by: java.security.AccessControlException: access denied
> >> ("java.io.FilePermission" "/home/user/db/service.properties" "read")
> >> ...
> >> ERROR XBM0C: Privilegio mancante per l'operazione 'exists' sul file
> >> 'service.properties': access denied ("java.io.FilePermission"
> >> "/home/user/db/service.properties" "read")
> >>
> >>
> >> There are several errors like these ones but I have read permission
> >> on this
> >> file.
> >> The user that starts the server is the same that owns the file, the
> >> permissions on the file are 664.
> >>
> >> As I said, same setup but using 10.12.1.1 for the server, I have no
> >> problems.
> >>
> >> Best Regards
> >> -fed
> >>
> >> On Thu, 24 Nov 2022 at 19:52, Rick Hillegas
> >> wrote:
> >>
> >>> The SQLState indicates that the server was not able to boot the
> >>> database. Look in the server-side derby.log to see if there is a
> >>> detailed error message describing why the boot failed.
> >>>
> >>> On 11/23/22 4:42 PM, fed wrote:
> Hi,
>
> Sorry for the late answer but I lost your reply.
>
> Two tests:
>
> I have a database updated to version 10.12.1.1, the server is running
> >>> with
> the 10.12.1.1 too and the client is using 10.12.1.1 too, the
> connection
> >>> is
> OK, I can use this setup.
>
> But another test:
> still the same database updated to version 10.12.1.1, the server is
> >>> running
> 10.15.2.0 so a newer version and the client is using 10.12.1.1: I
> have
> problems in this case the client can't connect to the database with
> this
> error:
>
> Caused by: org.apache.derby.client.am.SqlException: DERBY SQL error:
> ERRORCODE: 4, SQLSTATE: XJ040, SQLERRMC: Impossibile avviare il
> database '/home/user/some_db_path/' con il caricatore di classi
> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
> >>> dettagli,
> vedere l'eccezione successiva.::SQLSTATE: XBM0C
>
> Thanks for the help
>
>
>
> On Sun, 13 Nov 2022 at 15:26, Bryan Pendleton <
> >>> bpendleton.de...@gmail.com>
> wrote:
>
> > I'm not aware of client-server version incompatibilities. Have you
> > done any experiments with different versions?
> >
> > thanks,
> >
> > bryan
> >
> > On Thu, Nov
