RE: Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with Derby 10.14.2.0
I was able to move my "jar" to the "derby home" directory and load the
functions from the "jar" from there without modifying the security policy file.
This was an ok solution for me as the "jar" does not need to stick around
after being loaded and only needs to be loaded one, so it was acceptable for me
to do this.
Thank for the help Bryan!
-Original Message-
From: Bergquist, Brett [mailto:bbergqu...@canoga.com]
Sent: Thursday, June 07, 2018 3:09 PM
To: Derby Discussion
Subject: RE: Question on why I am getting a security exception calling
SQLJ.INSTALL_JAR with Derby 10.14.2.0
Yes the release notes are showing up now. I cleared the browser cache to make
sure as well. It was very disconcerting to find the information gone and one
dumped into a directory listing of the Apache projects and having to root
around (ie. I had to assume that the link "db" took me to where Derby might be
located). Glad it is all better now!
I can create a security policy file and start it with that or I believe I could
move my "jar" that has functions and procedures loaded into Derby with the
"SQLJ.INSTALL_JAR" call into the "derby home" directory and load the functions
from there. It is only during installation of our product that these
functions/procedures are loaded. I don't need to have a general purpose area
to load from.
Thanks for taking the time to get back on this Bryan. It is much appreciated.
Brett
-Original Message-
From: Bryan Pendleton [mailto:bpendleton.de...@gmail.com]
Sent: Monday, June 04, 2018 9:02 PM
To: Derby Discussion
Subject: Re: Question on why I am getting a security exception calling
SQLJ.INSTALL_JAR with Derby 10.14.2.0
Hi Brett,
I'm not sure what's going on with the mirrors. The cgi page is working properly
for me now, and it contains the release notes on that page.
http://db.apache.org/derby/releases/release-10.14.2.0.cgi
When you finally got the the right page, did it have the release notes on it?
Meanwhile, w.r.t. the permissions question, I think you are right that
DERBY-6987 is the source of your problems.
Can you change your startup procedures so that you specify a security policy
with the slightly looser permission that your application requires?
Here's the docs on how to provide your desired security policy:
https://db.apache.org/derby/docs/10.14/security/csecjavasecurity.html
thanks,
bryan
On Mon, Jun 4, 2018 at 8:18 AM, Bergquist, Brett wrote:
> I am getting this error when trying to install a JAR
>
>
>
> [sql] Failed to execute: CALL
> SQLJ.INSTALL_JAR('/opt/canogaview/temp/buil
>
> d/core_pkg/META-INF/customize/csemdb/csem-derby.jar',
> 'CSEM.csemderby', 0)
>
> [sql] java.sql.SQLTransactionRollbackException: The exception
> 'java.securi
>
> ty.AccessControlException: access denied ("java.io.FilePermission"
> "/opt/canogav
>
> iew/temp/build/core_pkg/META-INF/customize/csemdb/csem-derby.jar" "read")'
> was t
>
> hrown while evaluating an expression.
>
> [sql] Failed to execute: CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('de
>
> rby.database.classpath','CSEM.csemderby')
>
> [sql] java.sql.SQLSyntaxErrorException: The database class path
> contains a
>
> n unknown jar file '"CSEM"."CSEMDERBY"'.
>
>
>
> This error does not occur with Derby 10.13.1.1 but does occur now that
> I have upgrade to 10.14.2.0.
>
>
>
> I believe the this is related to some security change. Possibly:
>
>
>
> https://issues.apache.org/jira/browse/DERBY-6987
>
>
>
> The application that is starting the JVM that is running Derby Network
> Server has not changed. Only the version of Derby has changed.
>
>
>
> Any pointers will be greatly appreciated.
>
>
>
> I will be honest here. Trying to find the change in the release notes
> is darn near impossible since the release notes for the releases are no longer
> on the Derby web site, at least I cannot find them. Having to download an
> release and expand it to see what has changed is pretty awful.
>
>
>
> So interestingly I just clicked on this link again:
>
>
>
> http://db.apache.org/derby/releases/release-10.14.2.0.cgi
>
>
>
> Now I get a totally different page being returned. I think this has
> something to do with the mirrors. Earlier this morning, it brought me to
> page where it shows all of the apache projects and I had to drill down
> to “db/derby” and then was able to download the “bin” zip file for 10.14.2.0.
>
>
>
> So there is possibly some issue with the mirrors sometimes not
> displaying the same content.
>
>
>
> Canoga Perkins
> 20600 Prairie Street
> Chatsworth, CA 91311
> (818) 718-6300
>
> This e-mail and any attached document(s) is confidential and is
> intended only for the review of the party to whom it is addressed. If
> you have received this transmission in error, please notify the sender
> immediately and discard the original message and any attachment(s).
Canoga Perkins
20600 Prairie Street
Chatsworth, CA 91311
RE: Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with Derby 10.14.2.0
Yes the release notes are showing up now. I cleared the browser cache to make
sure as well. It was very disconcerting to find the information gone and one
dumped into a directory listing of the Apache projects and having to root
around (ie. I had to assume that the link "db" took me to where Derby might be
located). Glad it is all better now!
I can create a security policy file and start it with that or I believe I could
move my "jar" that has functions and procedures loaded into Derby with the
"SQLJ.INSTALL_JAR" call into the "derby home" directory and load the functions
from there. It is only during installation of our product that these
functions/procedures are loaded. I don't need to have a general purpose area
to load from.
Thanks for taking the time to get back on this Bryan. It is much appreciated.
Brett
-Original Message-
From: Bryan Pendleton [mailto:bpendleton.de...@gmail.com]
Sent: Monday, June 04, 2018 9:02 PM
To: Derby Discussion
Subject: Re: Question on why I am getting a security exception calling
SQLJ.INSTALL_JAR with Derby 10.14.2.0
Hi Brett,
I'm not sure what's going on with the mirrors. The cgi page is working properly
for me now, and it contains the release notes on that page.
http://db.apache.org/derby/releases/release-10.14.2.0.cgi
When you finally got the the right page, did it have the release notes on it?
Meanwhile, w.r.t. the permissions question, I think you are right that
DERBY-6987 is the source of your problems.
Can you change your startup procedures so that you specify a security policy
with the slightly looser permission that your application requires?
Here's the docs on how to provide your desired security policy:
https://db.apache.org/derby/docs/10.14/security/csecjavasecurity.html
thanks,
bryan
On Mon, Jun 4, 2018 at 8:18 AM, Bergquist, Brett wrote:
> I am getting this error when trying to install a JAR
>
>
>
> [sql] Failed to execute: CALL
> SQLJ.INSTALL_JAR('/opt/canogaview/temp/buil
>
> d/core_pkg/META-INF/customize/csemdb/csem-derby.jar',
> 'CSEM.csemderby', 0)
>
> [sql] java.sql.SQLTransactionRollbackException: The exception
> 'java.securi
>
> ty.AccessControlException: access denied ("java.io.FilePermission"
> "/opt/canogav
>
> iew/temp/build/core_pkg/META-INF/customize/csemdb/csem-derby.jar" "read")'
> was t
>
> hrown while evaluating an expression.
>
> [sql] Failed to execute: CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('de
>
> rby.database.classpath','CSEM.csemderby')
>
> [sql] java.sql.SQLSyntaxErrorException: The database class path
> contains a
>
> n unknown jar file '"CSEM"."CSEMDERBY"'.
>
>
>
> This error does not occur with Derby 10.13.1.1 but does occur now that
> I have upgrade to 10.14.2.0.
>
>
>
> I believe the this is related to some security change. Possibly:
>
>
>
> https://issues.apache.org/jira/browse/DERBY-6987
>
>
>
> The application that is starting the JVM that is running Derby Network
> Server has not changed. Only the version of Derby has changed.
>
>
>
> Any pointers will be greatly appreciated.
>
>
>
> I will be honest here. Trying to find the change in the release notes
> is darn near impossible since the release notes for the releases are no longer
> on the Derby web site, at least I cannot find them. Having to download an
> release and expand it to see what has changed is pretty awful.
>
>
>
> So interestingly I just clicked on this link again:
>
>
>
> http://db.apache.org/derby/releases/release-10.14.2.0.cgi
>
>
>
> Now I get a totally different page being returned. I think this has
> something to do with the mirrors. Earlier this morning, it brought me to
> page where it shows all of the apache projects and I had to drill down
> to “db/derby” and then was able to download the “bin” zip file for 10.14.2.0.
>
>
>
> So there is possibly some issue with the mirrors sometimes not
> displaying the same content.
>
>
>
> Canoga Perkins
> 20600 Prairie Street
> Chatsworth, CA 91311
> (818) 718-6300
>
> This e-mail and any attached document(s) is confidential and is
> intended only for the review of the party to whom it is addressed. If
> you have received this transmission in error, please notify the sender
> immediately and discard the original message and any attachment(s).
Canoga Perkins
20600 Prairie Street
Chatsworth, CA 91311
(818) 718-6300
This e-mail and any attached document(s) is confidential and is intended only
for the review of the party to whom it is addressed. If you have received this
transmission in error, please notify the sender immediately and discard the
original message and any attachment(s).
Re: Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with Derby 10.14.2.0
Hi Brett,
I'm not sure what's going on with the mirrors. The cgi page is working
properly for me now, and it contains the release notes on that page.
http://db.apache.org/derby/releases/release-10.14.2.0.cgi
When you finally got the the right page, did it have the release notes on it?
Meanwhile, w.r.t. the permissions question, I think you are right
that DERBY-6987 is the source of your problems.
Can you change your startup procedures so that you specify a
security policy with the slightly looser permission that your application
requires?
Here's the docs on how to provide your desired security policy:
https://db.apache.org/derby/docs/10.14/security/csecjavasecurity.html
thanks,
bryan
On Mon, Jun 4, 2018 at 8:18 AM, Bergquist, Brett wrote:
> I am getting this error when trying to install a JAR
>
>
>
> [sql] Failed to execute: CALL
> SQLJ.INSTALL_JAR('/opt/canogaview/temp/buil
>
> d/core_pkg/META-INF/customize/csemdb/csem-derby.jar', 'CSEM.csemderby', 0)
>
> [sql] java.sql.SQLTransactionRollbackException: The exception
> 'java.securi
>
> ty.AccessControlException: access denied ("java.io.FilePermission"
> "/opt/canogav
>
> iew/temp/build/core_pkg/META-INF/customize/csemdb/csem-derby.jar" "read")'
> was t
>
> hrown while evaluating an expression.
>
> [sql] Failed to execute: CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('de
>
> rby.database.classpath','CSEM.csemderby')
>
> [sql] java.sql.SQLSyntaxErrorException: The database class path
> contains a
>
> n unknown jar file '"CSEM"."CSEMDERBY"'.
>
>
>
> This error does not occur with Derby 10.13.1.1 but does occur now that I
> have upgrade to 10.14.2.0.
>
>
>
> I believe the this is related to some security change. Possibly:
>
>
>
> https://issues.apache.org/jira/browse/DERBY-6987
>
>
>
> The application that is starting the JVM that is running Derby Network
> Server has not changed. Only the version of Derby has changed.
>
>
>
> Any pointers will be greatly appreciated.
>
>
>
> I will be honest here. Trying to find the change in the release notes is
> darn near impossible since the release notes for the releases are no longer
> on the Derby web site, at least I cannot find them. Having to download an
> release and expand it to see what has changed is pretty awful.
>
>
>
> So interestingly I just clicked on this link again:
>
>
>
> http://db.apache.org/derby/releases/release-10.14.2.0.cgi
>
>
>
> Now I get a totally different page being returned. I think this has
> something to do with the mirrors. Earlier this morning, it brought me to
> page where it shows all of the apache projects and I had to drill down to
> “db/derby” and then was able to download the “bin” zip file for 10.14.2.0.
>
>
>
> So there is possibly some issue with the mirrors sometimes not displaying
> the same content.
>
>
>
> Canoga Perkins
> 20600 Prairie Street
> Chatsworth, CA 91311
> (818) 718-6300
>
> This e-mail and any attached document(s) is confidential and is intended
> only for the review of the party to whom it is addressed. If you have
> received this transmission in error, please notify the sender immediately
> and discard the original message and any attachment(s).
Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with Derby 10.14.2.0
I am getting this error when trying to install a JAR
[sql] Failed to execute: CALL SQLJ.INSTALL_JAR('/opt/canogaview/temp/buil
d/core_pkg/META-INF/customize/csemdb/csem-derby.jar', 'CSEM.csemderby', 0)
[sql] java.sql.SQLTransactionRollbackException: The exception 'java.securi
ty.AccessControlException: access denied ("java.io.FilePermission" "/opt/canogav
iew/temp/build/core_pkg/META-INF/customize/csemdb/csem-derby.jar" "read")' was t
hrown while evaluating an expression.
[sql] Failed to execute: CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('de
rby.database.classpath','CSEM.csemderby')
[sql] java.sql.SQLSyntaxErrorException: The database class path contains a
n unknown jar file '"CSEM"."CSEMDERBY"'.
This error does not occur with Derby 10.13.1.1 but does occur now that I have
upgrade to 10.14.2.0.
I believe the this is related to some security change. Possibly:
https://issues.apache.org/jira/browse/DERBY-6987
The application that is starting the JVM that is running Derby Network Server
has not changed. Only the version of Derby has changed.
Any pointers will be greatly appreciated.
I will be honest here. Trying to find the change in the release notes is darn
near impossible since the release notes for the releases are no longer on the
Derby web site, at least I cannot find them. Having to download an release
and expand it to see what has changed is pretty awful.
So interestingly I just clicked on this link again:
http://db.apache.org/derby/releases/release-10.14.2.0.cgi
Now I get a totally different page being returned. I think this has something
to do with the mirrors. Earlier this morning, it brought me to page where it
shows all of the apache projects and I had to drill down to "db/derby" and then
was able to download the "bin" zip file for 10.14.2.0.
So there is possibly some issue with the mirrors sometimes not displaying the
same content.
Canoga Perkins
20600 Prairie Street
Chatsworth, CA 91311
(818) 718-6300
This e-mail and any attached document(s) is confidential and is intended only
for the review of the party to whom it is addressed. If you have received this
transmission in error, please notify the sender immediately and discard the
original message and any attachment(s).
