db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <rick.hille...@oracle.com>
Subject Re: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
Date Tue, 22 Jul 2014 15:41:02 GMT
Hi George,

I don't see this problem with release when I run the network 
server this way...

java org.apache.derby.drda.NetworkServerControl start -p 8246

...and run the following script...

connect 'jdbc:derby://localhost:8246/memory:db;create=true';

call sqlj.install_jar( 'helloWorld.jar', 'APP.HELLO_WORLD', 0 );

call syscs_util.syscs_set_database_property( 'derby.database.classpath', 

create procedure helloWorld( args varchar( 32672 )... )
language java parameter style derby no sql
external name 'HelloWorld.main';

call helloWorld();

In this experiment, Derby uses the default server policy which is 
bundled inside derbynet.jar at


I have attached that policy to this message. As you can see, that policy 
does NOT grant the following permissions to any protection domain:

   permission java.lang.RuntimePermission "getClassLoader";
   permission java.lang.RuntimePermission "setContextClassLoader";

We might be able to say more if you could include the full stack trace 
which you are seeing.


On 7/21/14 12:21 PM, spykee wrote:
> Hi folks,
> I have a problem and I hope someone can help me.
> -  I added a specific jar file in derby, and every time I execute a stored
> procedure from that jar I encounter:
> -- java.security.AccessControlException: access denied
> ("java.lang.RuntimePermission" "getClassLoader")
> * I searched on internet a solution for this, and the problem reside in the
> security policy.
> * I don't want to use as an argument a specific security politicy
> (-D...=myPolicy) while starting derby (network server).
> * I searched my Java policy ( C:\Program Files\Java\jre8\lib\security ) and
> I added the followings(java.policy file):
> grant codeBase "file://C:/Program Files/Java/jdk1.8.0/db/lib/derby.jar"
> {
>    permission java.lang.RuntimePermission "createClassLoader";
>    permission java.util.PropertyPermission "derby.*", "read";
>    permission java.lang.RuntimePermission "getClassLoader";
>    permission java.util.PropertyPermission "user.dir", "read";
>    permission java.lang.RuntimePermission "setContextClassLoader";
> permission java.util.PropertyPermission "derby.*", "read";
>    permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
> "write";
> permission java.io.FilePermission"C:/Users/myUser/.netbeans-derby",
> "read,write,delete";
>    permission java.io.FilePermission"C:/Users/myUser/.netbeans-derby{/}-",
> "read,write,delete";
> };
> I tried to use the Linux separator (/), the windows one(\) for the file
> path... same errors on my Netbeans. I start/stop Apache Derby from Netbeans.
> Can someone give me a hint  ?
> Cheers,
> George
> --
> View this message in context: http://apache-database.10148.n7.nabble.com/java-security-AccessControlException-access-denied-java-lang-RuntimePermission-getClassLoader-tp140900.html
> Sent from the Apache Derby Users mailing list archive at Nabble.com.

View raw message