db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Besosa, Michael" <michael.bes...@pearson.com>
Subject Re: AccessControlException with no security manager
Date Thu, 06 Jun 2019 13:22:14 GMT
We're still interested in ideas about this problem. We are getting
occasional AccessControlExceptions in an environment with no
SecurityManager installed. This behavior appears to have started when we
migrated our application to Java 8. It was never seen prior to that. If
there is additional information that would be useful, please let me know.

On Mon, Jun 3, 2019 at 8:17 PM Bryan Pendleton <bpendleton.derby@gmail.com>
wrote:

> Ah, good point.
>
> Yes, I missed that, and yes I was thinking about the network server.
>
> Sorry about that.
>
> bryan
>
> On Mon, Jun 3, 2019 at 8:37 AM Besosa, Michael
> <michael.besosa@pearson.com> wrote:
> >
> > Thinking about it a bit more, I wonder if you missed that this is using
> the embedded engine, not the network server. I know that the network server
> installs a security manager by default, and that there is a system property
> that can be set to disable that behavior. But that's not applicable in our
> situation.
> >
> > On Mon, Jun 3, 2019 at 8:52 AM Besosa, Michael <
> michael.besosa@pearson.com> wrote:
> >>
> >> I don't understand what you mean when you say, "Even if you don't
> install a Java security manager...you get a security manager anyway." I
> don't have (haven't installed) a security manager and
> System.getSecurityManager() returns null. And if I "really, really" don't
> want a security manager, how can I say so, other than executing
> System.setSecurityManager(null)?
> >>
> >> On Fri, May 31, 2019 at 9:03 PM Bryan Pendleton <
> bpendleton.derby@gmail.com> wrote:
> >>>
> >>> I feel like you're probably hitting DERBY-6648:
> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_DERBY-2D6648&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=Hutrm_MTSwNDtab2E2bMNCxLo0eDRIZrB1B5x2AL-1k&e=
> >>>
> >>> Even if you don't install a Java security manager (perhaps especially
> >>> if that is so), you get a security manager anyway.
> >>>
> >>> If you really, really don't want a security manager, you can say so.
> >>>
> >>> Or, bite the bullet and define a security manager, and start
> >>> assembling the precise security policy that is right for your
> >>> particular situation, as in:
> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_a_52392015_193453&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=uackNzNN36boV8-m6DGN7VJOPwN4tnfuUwgQBgOmv0I&e=
> ,
> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__db.apache.org_derby_docs_10.13_security_csecembeddedperms.html&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=53JhmaGEsK92jA_W0ofwQrvGLuaZ-TLXOiDawh9P3rQ&e=
> >>> , etc.
> >>>
> >>> bryan
> >>>
> >>> On Fri, May 31, 2019 at 11:58 AM Besosa, Michael
> >>> <michael.besosa@pearson.com> wrote:
> >>> >
> >>> > We have an application that is using the Derby 10.12.1.1 embedded
> engine and Java 8. When the app executes the SELECT shown below, we see an
> exception with the message 'access denied
> org.apache.derby.security.SystemPermission( "engine", "usederbyinternals"
> ): java.security.AccessControlException'.
> >>> >
> >>> > This application does not install a SecurityManager. I'm at a bit of
> a loss about how to fix this.
> >>> >
> >>> > The query:
> >>> >
> >>> > SELECT
> >>> >         DeliveryEvent.AppointmentStart,
> >>> >         DeliveryEvent.Attempt,
> >>> >         DeliveryEvent.BiometricCheckTypeCode,
> >>> >         DeliveryEvent.CandidateID,
> >>> >         DeliveryEvent.DeliveryStatus,
> >>> >         DeliveryEvent.ExamLanguageID,
> >>> >         DeliveryEvent.HasNoTestListBlock,
> >>> >         DeliveryEvent.IsDisconnectedIBTDelivery,
> >>> >         DeliveryEvent.NextAppointmentID,
> >>> >         DeliveryEvent.ProcessStateCode,
> >>> >         DeliveryEvent.ProctorID,
> >>> >         DeliveryEvent.RegisteredExamVersionID,
> >>> >         DeliveryEvent.RegistrationID,
> >>> >         DeliveryEvent.SelectedFormID,
> >>> >         DeliveryEvent.SelectedExamVersionID,
> >>> >         DeliveryEvent.TerminationDate,
> >>> >         DeliveryEvent.TimeLimit,
> >>> >         DeliveryEvent.TimeLimitAdjust,
> >>> >         Clients.Client_ID AS ClientID,
> >>> >         Clients.ClientName AS ClientName,
> >>> >         ExamSeries.Code AS ExamSeriesCode,
> >>> >         ExamVersion.DriverID AS DriverID,
> >>> >         ExamLanguage.Title AS TranslatedTitle,
> >>> >         (SELECT AppUser.FirstName || ' ' || AppUser.LastName FROM
> ((((((AssetAppUser INNER JOIN AppUser ON AssetAppUser.AppUserID =
> AppUser.ID) INNER JOIN AssetUsage ON AssetAppUser.AssetID =
> AssetUsage.AssetID) INNER JOIN Asset ON AssetUsage.AssetID = Asset.ID)
> INNER JOIN AssetType ON Asset.AssetTypeID = AssetType.ID) INNER JOIN
> AssetTypeProperty ON AssetType.ID = AssetTypeProperty.AssetTypeID AND
> AssetTypeProperty.AssetTypePropertyValue = 'Examiner') INNER JOIN
> AssetTypePropertyKey ON AssetTypeProperty.AssetTypePropertyKeyID =
> AssetTypePropertyKey.AssetTypePropertyKeyID AND
> AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass') WHERE
> (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID) FETCH FIRST 1 ROWS
> ONLY) AS ExaminerName,
> >>> >         (SELECT Asset.Name FROM ((((Asset INNER JOIN AssetType ON
> Asset.AssetTypeID = AssetType.ID) INNER JOIN AssetUsage ON Asset.ID =
> AssetUsage.AssetID) INNER JOIN AssetTypeProperty ON AssetType.ID =
> AssetTypeProperty.AssetTypeID AND AssetTypeProperty.AssetTypePropertyValue
> = 'Vehicle') INNER JOIN AssetTypePropertyKey ON
> AssetTypeProperty.AssetTypePropertyKeyID =
> AssetTypePropertyKey.AssetTypePropertyKeyID AND
> AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass') WHERE
> (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID) AND
> (AssetType.AssetClassCode IN
> ('Facility','Workstation','CiscoRack','TaskSchedule')) FETCH FIRST 1 ROWS
> ONLY) AS VehicleName,
> >>> >         (SELECT COUNT(*) FROM (Accommodation INNER JOIN
> AccommodationStatus ON Accommodation.AccommodationStatusID =
> AccommodationStatus.AccommodationStatusID AND
> AccommodationStatus.StatusCode = 'Granted') WHERE
> (Accommodation.OrderItemID = DeliveryEvent.RegistrationID)) AS
> AccommodationCount,
> >>> >         (SELECT COUNT(*) FROM DeliveryBlockedReason WHERE
> (DeliveryBlockedReason.DeliveryEventID = DeliveryEvent.RegistrationID)) AS
> ReasonsBlockedCount,
> >>> >         (SELECT DeliveryEventNext.RegistrationID FROM DeliveryEvent
> AS DeliveryEventNext WHERE (DeliveryEvent.RegistrationID =
> DeliveryEventNext.NextAppointmentID)) AS FirstDayRegistrationID
> >>> > FROM ((((
> >>> >         DeliveryEvent
> >>> >         INNER JOIN ExamLanguage
> >>> >                 ON DeliveryEvent.ExamLanguageID = ExamLanguage.ID)
> >>> >         INNER JOIN ExamSeriesON ExamLanguage.ExamSeriesID =
> ExamSeries.ID)
> >>> > INNER JOIN Clients
> >>> > ON ExamSeries.Client_ID = Clients.Client_ID)
> >>> > LEFT JOIN ExamVersion
> >>> > ON DeliveryEvent.RegisteredExamVersionID = ExamVersion.ID)
> >>> > WHERE
> >>> > (DeliveryEvent.RegistrationID = 5)
>

Mime
View raw message