db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bergquist, Brett" <BBergqu...@canoga.com>
Subject RE: Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with Derby 10.14.2.0
Date Thu, 07 Jun 2018 19:09:26 GMT
Yes the release notes are showing up now.   I cleared the browser cache to make sure as well.
  It was very disconcerting to find the information gone and one dumped into a directory listing
of the Apache projects and having to root around (ie. I had to assume that the link "db" took
me to where Derby might be located).   Glad it is all better now!

I can create a security policy file and start it with that or I believe I could move my "jar"
that has functions and procedures loaded into Derby with the "SQLJ.INSTALL_JAR" call into
the "derby home" directory and load the functions from there.   It is only during installation
of our product that these functions/procedures are loaded.   I don't need to have a general
purpose area to load from.

Thanks for taking the time to get back on this Bryan.   It is much appreciated.

Brett

-----Original Message-----
From: Bryan Pendleton [mailto:bpendleton.derby@gmail.com]
Sent: Monday, June 04, 2018 9:02 PM
To: Derby Discussion
Subject: Re: Question on why I am getting a security exception calling SQLJ.INSTALL_JAR with
Derby 10.14.2.0

Hi Brett,

I'm not sure what's going on with the mirrors. The cgi page is working properly for me now,
and it contains the release notes on that page.

http://db.apache.org/derby/releases/release-10.14.2.0.cgi

When you finally got the the right page, did it have the release notes on it?

Meanwhile, w.r.t. the permissions question, I think you are right that DERBY-6987 is the source
of your problems.

Can you change your startup procedures so that you specify a security policy with the slightly
looser permission that your application requires?

Here's the docs on how to provide your desired security policy:
https://db.apache.org/derby/docs/10.14/security/csecjavasecurity.html

thanks,

bryan


On Mon, Jun 4, 2018 at 8:18 AM, Bergquist, Brett <BBergquist@canoga.com> wrote:
> I am getting this error when trying to install a JAR
>
>
>
>       [sql] Failed to execute:  CALL
> SQLJ.INSTALL_JAR('/opt/canogaview/temp/buil
>
> d/core_pkg/META-INF/customize/csemdb/csem-derby.jar',
> 'CSEM.csemderby', 0)
>
>       [sql] java.sql.SQLTransactionRollbackException: The exception
> 'java.securi
>
> ty.AccessControlException: access denied ("java.io.FilePermission"
> "/opt/canogav
>
> iew/temp/build/core_pkg/META-INF/customize/csemdb/csem-derby.jar" "read")'
> was t
>
> hrown while evaluating an expression.
>
>       [sql] Failed to execute:   CALL
> SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('de
>
> rby.database.classpath','CSEM.csemderby')
>
>       [sql] java.sql.SQLSyntaxErrorException: The database class path
> contains a
>
> n unknown jar file '"CSEM"."CSEMDERBY"'.
>
>
>
> This error does not occur with Derby 10.13.1.1 but does occur now that
> I have upgrade to 10.14.2.0.
>
>
>
> I believe the this is related to some security change.   Possibly:
>
>
>
> https://issues.apache.org/jira/browse/DERBY-6987
>
>
>
> The application that is starting the JVM that is running Derby Network
> Server has not changed.   Only the version of Derby has changed.
>
>
>
> Any pointers will be greatly appreciated.
>
>
>
> I will be honest here.  Trying to find the change in the release notes
> is darn near impossible since the release notes for the releases are no longer
> on the Derby web site, at least I cannot find them.   Having to download an
> release and expand it to see what has changed is pretty awful.
>
>
>
> So interestingly I just clicked on this link again:
>
>
>
> http://db.apache.org/derby/releases/release-10.14.2.0.cgi
>
>
>
> Now I get a totally different page being returned.   I think this has
> something to do with the mirrors.   Earlier this morning, it brought me to
> page where it shows all of the apache projects and I had to drill down
> to “db/derby” and then was able to download the “bin” zip file for 10.14.2.0.
>
>
>
> So there is possibly some issue with the mirrors sometimes not
> displaying the same content.
>
>
> ________________________________
> Canoga Perkins
> 20600 Prairie Street
> Chatsworth, CA 91311
> (818) 718-6300
>
> This e-mail and any attached document(s) is confidential and is
> intended only for the review of the party to whom it is addressed. If
> you have received this transmission in error, please notify the sender
> immediately and discard the original message and any attachment(s).

Canoga Perkins
20600 Prairie Street
Chatsworth, CA 91311
(818) 718-6300

This e-mail and any attached document(s) is confidential and is intended only for the review
of the party to whom it is addressed. If you have received this transmission in error, please
notify the sender immediately and discard the original message and any attachment(s).
Mime
View raw message