db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Besosa, Michael" <michael.bes...@pearson.com>
Subject Re: AccessControlException with no security manager
Date Fri, 07 Jun 2019 12:42:48 GMT
I'll open an issue, as you suggest, with the information you requested. And
no, I can't provide a minimum reproducible case yet. A problem with doing
so is that the behavior appears to be sporadic. I haven't found a way to
reproduce it reliably yet.

On Thu, Jun 6, 2019 at 8:15 PM Bryan Pendleton <bpendleton.derby@gmail.com>
wrote:

> Probably best to open an issue in the Derby JIRA, to help keep the
> conversation easy to find and track.
>
> Can you share the complete stack trace of the AccessControlException?
>
> Can you share a run of 'sysinfo' in a configuration where this occurs?
>
> I don't suppose you've been able to whittle this down to a Minimum
> Reproducible Case yet, have you?
>
> thanks,
>
> bryan
>
> On Thu, Jun 6, 2019 at 6:22 AM Besosa, Michael
> <michael.besosa@pearson.com> wrote:
> >
> > We're still interested in ideas about this problem. We are getting
> occasional AccessControlExceptions in an environment with no
> SecurityManager installed. This behavior appears to have started when we
> migrated our application to Java 8. It was never seen prior to that. If
> there is additional information that would be useful, please let me know.
> >
> > On Mon, Jun 3, 2019 at 8:17 PM Bryan Pendleton <
> bpendleton.derby@gmail.com> wrote:
> >>
> >> Ah, good point.
> >>
> >> Yes, I missed that, and yes I was thinking about the network server.
> >>
> >> Sorry about that.
> >>
> >> bryan
> >>
> >> On Mon, Jun 3, 2019 at 8:37 AM Besosa, Michael
> >> <michael.besosa@pearson.com> wrote:
> >> >
> >> > Thinking about it a bit more, I wonder if you missed that this is
> using the embedded engine, not the network server. I know that the network
> server installs a security manager by default, and that there is a system
> property that can be set to disable that behavior. But that's not
> applicable in our situation.
> >> >
> >> > On Mon, Jun 3, 2019 at 8:52 AM Besosa, Michael <
> michael.besosa@pearson.com> wrote:
> >> >>
> >> >> I don't understand what you mean when you say, "Even if you don't
> install a Java security manager...you get a security manager anyway." I
> don't have (haven't installed) a security manager and
> System.getSecurityManager() returns null. And if I "really, really" don't
> want a security manager, how can I say so, other than executing
> System.setSecurityManager(null)?
> >> >>
> >> >> On Fri, May 31, 2019 at 9:03 PM Bryan Pendleton <
> bpendleton.derby@gmail.com> wrote:
> >> >>>
> >> >>> I feel like you're probably hitting DERBY-6648:
> >> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_DERBY-2D6648&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=Hutrm_MTSwNDtab2E2bMNCxLo0eDRIZrB1B5x2AL-1k&e=
> >> >>>
> >> >>> Even if you don't install a Java security manager (perhaps
> especially
> >> >>> if that is so), you get a security manager anyway.
> >> >>>
> >> >>> If you really, really don't want a security manager, you can say
so.
> >> >>>
> >> >>> Or, bite the bullet and define a security manager, and start
> >> >>> assembling the precise security policy that is right for your
> >> >>> particular situation, as in:
> >> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_a_52392015_193453&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=uackNzNN36boV8-m6DGN7VJOPwN4tnfuUwgQBgOmv0I&e=
> ,
> >> >>>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__db.apache.org_derby_docs_10.13_security_csecembeddedperms.html&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=53JhmaGEsK92jA_W0ofwQrvGLuaZ-TLXOiDawh9P3rQ&e=
> >> >>> , etc.
> >> >>>
> >> >>> bryan
> >> >>>
> >> >>> On Fri, May 31, 2019 at 11:58 AM Besosa, Michael
> >> >>> <michael.besosa@pearson.com> wrote:
> >> >>> >
> >> >>> > We have an application that is using the Derby 10.12.1.1 embedded
> engine and Java 8. When the app executes the SELECT shown below, we see an
> exception with the message 'access denied
> org.apache.derby.security.SystemPermission( "engine", "usederbyinternals"
> ): java.security.AccessControlException'.
> >> >>> >
> >> >>> > This application does not install a SecurityManager. I'm at
a bit
> of a loss about how to fix this.
> >> >>> >
> >> >>> > The query:
> >> >>> >
> >> >>> > SELECT
> >> >>> >         DeliveryEvent.AppointmentStart,
> >> >>> >         DeliveryEvent.Attempt,
> >> >>> >         DeliveryEvent.BiometricCheckTypeCode,
> >> >>> >         DeliveryEvent.CandidateID,
> >> >>> >         DeliveryEvent.DeliveryStatus,
> >> >>> >         DeliveryEvent.ExamLanguageID,
> >> >>> >         DeliveryEvent.HasNoTestListBlock,
> >> >>> >         DeliveryEvent.IsDisconnectedIBTDelivery,
> >> >>> >         DeliveryEvent.NextAppointmentID,
> >> >>> >         DeliveryEvent.ProcessStateCode,
> >> >>> >         DeliveryEvent.ProctorID,
> >> >>> >         DeliveryEvent.RegisteredExamVersionID,
> >> >>> >         DeliveryEvent.RegistrationID,
> >> >>> >         DeliveryEvent.SelectedFormID,
> >> >>> >         DeliveryEvent.SelectedExamVersionID,
> >> >>> >         DeliveryEvent.TerminationDate,
> >> >>> >         DeliveryEvent.TimeLimit,
> >> >>> >         DeliveryEvent.TimeLimitAdjust,
> >> >>> >         Clients.Client_ID AS ClientID,
> >> >>> >         Clients.ClientName AS ClientName,
> >> >>> >         ExamSeries.Code AS ExamSeriesCode,
> >> >>> >         ExamVersion.DriverID AS DriverID,
> >> >>> >         ExamLanguage.Title AS TranslatedTitle,
> >> >>> >         (SELECT AppUser.FirstName || ' ' || AppUser.LastName
FROM
> ((((((AssetAppUser INNER JOIN AppUser ON AssetAppUser.AppUserID =
> AppUser.ID) INNER JOIN AssetUsage ON AssetAppUser.AssetID =
> AssetUsage.AssetID) INNER JOIN Asset ON AssetUsage.AssetID = Asset.ID)
> INNER JOIN AssetType ON Asset.AssetTypeID = AssetType.ID) INNER JOIN
> AssetTypeProperty ON AssetType.ID = AssetTypeProperty.AssetTypeID AND
> AssetTypeProperty.AssetTypePropertyValue = 'Examiner') INNER JOIN
> AssetTypePropertyKey ON AssetTypeProperty.AssetTypePropertyKeyID =
> AssetTypePropertyKey.AssetTypePropertyKeyID AND
> AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass') WHERE
> (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID) FETCH FIRST 1 ROWS
> ONLY) AS ExaminerName,
> >> >>> >         (SELECT Asset.Name FROM ((((Asset INNER JOIN AssetType
ON
> Asset.AssetTypeID = AssetType.ID) INNER JOIN AssetUsage ON Asset.ID =
> AssetUsage.AssetID) INNER JOIN AssetTypeProperty ON AssetType.ID =
> AssetTypeProperty.AssetTypeID AND AssetTypeProperty.AssetTypePropertyValue
> = 'Vehicle') INNER JOIN AssetTypePropertyKey ON
> AssetTypeProperty.AssetTypePropertyKeyID =
> AssetTypePropertyKey.AssetTypePropertyKeyID AND
> AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass') WHERE
> (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID) AND
> (AssetType.AssetClassCode IN
> ('Facility','Workstation','CiscoRack','TaskSchedule')) FETCH FIRST 1 ROWS
> ONLY) AS VehicleName,
> >> >>> >         (SELECT COUNT(*) FROM (Accommodation INNER JOIN
> AccommodationStatus ON Accommodation.AccommodationStatusID =
> AccommodationStatus.AccommodationStatusID AND
> AccommodationStatus.StatusCode = 'Granted') WHERE
> (Accommodation.OrderItemID = DeliveryEvent.RegistrationID)) AS
> AccommodationCount,
> >> >>> >         (SELECT COUNT(*) FROM DeliveryBlockedReason WHERE
> (DeliveryBlockedReason.DeliveryEventID = DeliveryEvent.RegistrationID)) AS
> ReasonsBlockedCount,
> >> >>> >         (SELECT DeliveryEventNext.RegistrationID FROM
> DeliveryEvent AS DeliveryEventNext WHERE (DeliveryEvent.RegistrationID =
> DeliveryEventNext.NextAppointmentID)) AS FirstDayRegistrationID
> >> >>> > FROM ((((
> >> >>> >         DeliveryEvent
> >> >>> >         INNER JOIN ExamLanguage
> >> >>> >                 ON DeliveryEvent.ExamLanguageID = ExamLanguage.ID)
> >> >>> >         INNER JOIN ExamSeriesON ExamLanguage.ExamSeriesID
=
> ExamSeries.ID)
> >> >>> > INNER JOIN Clients
> >> >>> > ON ExamSeries.Client_ID = Clients.Client_ID)
> >> >>> > LEFT JOIN ExamVersion
> >> >>> > ON DeliveryEvent.RegisteredExamVersionID = ExamVersion.ID)
> >> >>> > WHERE
> >> >>> > (DeliveryEvent.RegistrationID = 5)
>

Mime
View raw message