Re: Security problem with ggregate functions using Java

[nicholas walton]

Rick,

Concur with the ij problem, I was caught out by the ij script using DERBY_OPTS 
and picking up the security policy which left it with no permissions. Easy fix.

As for Derby version I’ve upgraded to Apache Derby Network Server - 10.13.1.1 
and that partly fixed things, since before doing that the problem would not go 
away even with the security policy in place. 

Thanks for the help.

Nick

> On 20 Feb 2017, at 15:55, Rick Hillegas  wrote:
> 
> Hi Nicholas,
> 
> I think that the ij permissions problem is a red herring. That problem arises 
> because ij is trying to call System.getProperties() but the security policy 
> does not grant property-reading privilege to derbytools.jar.
> 
> Concerning your original problem: What strikes me as significant is your 
> observation that aggregation worked for a while and then broke. The only big 
> state change which occurs during aggregation is when the processing of a 
> large data set causes the engine to dump intermediate results to a temporary 
> file. Eventually, those results must be de-serialized from the temporary 
> file. It is possible that de-serialization can't instantiate your 
> user-defined aggregate without that extra permission.
> 
> I am afraid that your environment confuses me, though. According to your 
> original message, you are running Derby 10.6.2.1. However, user-defined 
> aggregates were not introduced until Derby 10.10.1.1.
> 
> I have created https://issues.apache.org/jira/browse/DERBY-6922 
>  to investigate the problem 
> raised by this issue.
> 
> Hope this helps,
> -Rick
> 
> On 2/20/17, 1:54 AM, nicholas walton wrote:
>> 
>> Rick,
>> 
>> Neither Netbeans nor ij dumped the stack,  I’m afraid.
>> 
>> The full message is
>> 
>> Error code 3, SQL state 38000: The exception 
>> 'java.security.AccessControlException: access denied 
>> ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was 
>> thrown while evaluating an expression.
>> Error code 9, SQL state XJ001: Java exception: 'access denied 
>> ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
>> java.security.AccessControlException’.
>> Line 1, column 1
>> 
>> Did get it working after a while with the security policy below, but ij will 
>> not now run complaining 
>> 
>> Exception in thread "main" java.security.AccessControlException: access 
>> denied ("java.util.PropertyPermission" "*" "read,write")
>>  at 
>> java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>>  at java.security.AccessController.checkPermission(AccessController.java:884)
>>  at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>  at 
>> java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
>>  at java.lang.System.getProperties(System.java:630)
>>  at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
>>  at java.security.AccessController.doPrivileged(Native Method)
>>  at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown 
>> Source)
>>  at org.apache.derby.impl.tools.ij.Main.(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
>>  at org.apache.derby.tools.ij.main(Unknown Source)
>> 
>> =
>> 
>> //
>> //   Licensed to the Apache Software Foundation (ASF) under one or more
>> //   contributor license agreements.  See the NOTICE file distributed with
>> //   this work for additional information regarding copyright ownership.
>> //   The ASF licenses this file to You under the Apache License, Version 2.0
>> //   (the "License"); you may not use this file except in compliance with
>> //   the License.  You may obtain a copy of the License at
>> //
>> //  http://www.apache.org/licenses/LICENSE-2.0 
>> 
>> //
>> //   Unless required by applicable law or agreed to in writing, software
>> //   distributed under the License is distributed on an "AS IS" BASIS,
>> //   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> //   See the License for the specific language governing permissions and
>> //   limitations under the License.
>> //
>> 
>> // This template policy file gives examples of how to configure the
>> // permissions needed to run a Derby network server with the Java
>> // Security manager.
>> //
>> grant codeBase 
>> "file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar
>>  
>> "
>> {
>>   // These permissions are needed for everyday, embedded Derby usage.
>>   //
>>   permission java.lang.RuntimePermission 

Re: Security problem with ggregate functions using Java

[Rick Hillegas]

Hi Nicholas,

I think that the ij permissions problem is a red herring. That problem 
arises because ij is trying to call System.getProperties() but the 
security policy does not grant property-reading privilege to derbytools.jar.


Concerning your original problem: What strikes me as significant is your 
observation that aggregation worked for a while and then broke. The only 
big state change which occurs during aggregation is when the processing 
of a large data set causes the engine to dump intermediate results to a 
temporary file. Eventually, those results must be de-serialized from the 
temporary file. It is possible that de-serialization can't instantiate 
your user-defined aggregate without that extra permission.


I am afraid that your environment confuses me, though. According to your 
original message, you are running Derby 10.6.2.1. However, user-defined 
aggregates were not introduced until Derby 10.10.1.1.


I have created https://issues.apache.org/jira/browse/DERBY-6922 to 
investigate the problem raised by this issue.


Hope this helps,
-Rick

On 2/20/17, 1:54 AM, nicholas walton wrote:

Rick,

Neither Netbeans nor ij dumped the stack,  I’m afraid.

The full message is

Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' 
was thrown while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException’.

Line 1, column 1

Did get it working after a while with the security policy below, but 
ij will not now run complaining


Exception in thread "main" java.security.AccessControlException: 
access denied ("java.util.PropertyPermission" "*" "read,write")
at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at 
java.security.AccessController.checkPermission(AccessController.java:884)

at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at 
java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)

at java.lang.System.getProperties(System.java:630)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown 
Source)

at org.apache.derby.impl.tools.ij.Main.(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
at org.apache.derby.tools.ij.main(Unknown Source)

=

//
//   Licensed to the Apache Software Foundation (ASF) under one or more
//   contributor license agreements.  See the NOTICE file distributed with
//   this work for additional information regarding copyright ownership.
//   The ASF licenses this file to You under the Apache License, 
Version 2.0

//   (the "License"); you may not use this file except in compliance with
//   the License.  You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.

//   See the License for the specific language governing permissions and
//   limitations under the License.
//

// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase 
"file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar"

{
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission org.apache.derby.security.SystemPermission "engine", 
"usederbyinternals";


  // Next, the permission to read "derby.*" properties is granted to
  // derby.jar. This is necessary for the engine to read derby properties.
  permission java.util.PropertyPermission "derby.*", "read";

  permission java.util.PropertyPermission "user.dir", "read";

  // The next two properties are used to determine if the VM is 32 or 
64 bit.

  //
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-",
  "read,write,delete";

  // This permission lets a DBA reload the policy file while the server is
  // still running. 

Re: Security problem with ggregate functions using Java

[Bryan Pendleton]

Hello Nick,

The ij code is in derbytools.jar, I believe. Did you define a security
policy that covers derbytools.jar?

In particular, to allow calling System.getProperties, try something like:

grant codeBase "${derbyTesting.codejar}derbytools.jar" {
  // Access all properties using System.getProperties -
  // ij enumerates the properties in order to open connections
  // for any property set in ij.connection.* and set protocols
  // for any property in ij.protocol.*
  permission java.util.PropertyPermission "*", "read, write";

  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";

  // IjTestCases read, write, and delete ij's output in the extinout dir
  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,
write, delete";

  // ij needs permission to read the sql files in this jar
  permission java.io.FilePermission "${derbyTesting.testjarpath}", "read";

};

thanks,

bryan

Re: Security problem with ggregate functions using Java

[nicholas walton]

Rick,

Neither Netbeans nor ij dumped the stack,  I’m afraid.

The full message is

Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was thrown 
while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException’.
Line 1, column 1

Did get it working after a while with the security policy below, but ij will 
not now run complaining 

Exception in thread "main" java.security.AccessControlException: access denied 
("java.util.PropertyPermission" "*" "read,write")
at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at 
java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at 
java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
at java.lang.System.getProperties(System.java:630)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown 
Source)
at org.apache.derby.impl.tools.ij.Main.(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
at org.apache.derby.tools.ij.main(Unknown Source)

=

//
//   Licensed to the Apache Software Foundation (ASF) under one or more
//   contributor license agreements.  See the NOTICE file distributed with
//   this work for additional information regarding copyright ownership.
//   The ASF licenses this file to You under the Apache License, Version 2.0
//   (the "License"); you may not use this file except in compliance with
//   the License.  You may obtain a copy of the License at
//
//  http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//

// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase 
"file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar"
{
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission org.apache.derby.security.SystemPermission "engine", 
"usederbyinternals";

  // Next, the permission to read "derby.*" properties is granted to
  // derby.jar. This is necessary for the engine to read derby properties.
  permission java.util.PropertyPermission "derby.*", "read";

  permission java.util.PropertyPermission "user.dir", "read";

  // The next two properties are used to determine if the VM is 32 or 64 bit.
  //
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-",
  "read,write,delete";

  // This permission lets a DBA reload the policy file while the server is
  // still running. The policy file is reloaded by invoking the
  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
  //
  permission java.security.SecurityPermission "getPolicy";

  // This permission lets you backup and restore databases to and from
  // arbitrary locations in your file system.
  //
  // This permission also lets you import/export data to and from arbitrary
  // locations in your file system.
  //
  // You may want to restrict this access to specific directories.
  //
  permission java.io.FilePermission "<>", "read,write,delete";

  // Permissions needed for JMX based management and monitoring.
  //
  // Allows this code to create an MBeanServer:
  //
  permission javax.management.MBeanServerPermission "createMBeanServer";

  // Allows access to Derby's built-in MBeans, within the domain
  // org.apache.derby.  Derby must be allowed to register and unregister these
  // MBeans.  It is possible to allow access only to specific MBeans,
  // attributes or operations. To fine tune this 

Re: Security problem with ggregate functions using Java

[Rick Hillegas]

Thanks for raising this issue, Nicholas. Can you include the full stack 
trace for the error? The template policy may need to grant some 
additional privilege to the engine jar file. It is also possible that 
you have run into the following defect: 
https://issues.apache.org/jira/browse/DERBY-4354


Thanks,
-Rick

On 2/17/17, 9:42 AM, nicholas walton wrote:

Hi,

I need to extend Java’s aggregate functions to include Median, using 
the code below


import java.util.ArrayList;
import java.util.Collections;
import org.apache.derby.agg.Aggregator;

public class median>
  implements Aggregator
{
  private ArrayList _values;

  public median() {}

  public void init() { _values = new ArrayList(); }

  public void accumulate( V value ) { _values.add( value ); }

  public void merge( median other )
  {
  _values.addAll( other._values );
  }

  public V terminate()
  {
  Collections.sort( _values );

  int count = _values.size();

  if ( count == 0 ) { return null; }
  else { return _values.get( count/2 ); }
  }
}

To install I used

CALL 
SQLJ.INSTALL_JAR('/Users/nwalton/Documents/Databases/derbyStats/dist/derbyStats.jar', 
'NWALTON.median',0);
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY 
('derby.database.classpath','NWALTON.median’);


CREATE DERBY AGGREGATE "NWALTON"."MEDIAN" FOR DOUBLE RETURNS DOUBLE 
EXTERNAL NAME 'aggregates.median’ ;


At first this works fine in a trigger or in plain SQL but after a 
while I get the following error


Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' 
was thrown while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException'.

Line 1, column 1

I’ve Googled to no avail for an answer! Can anyone suggest a solution. 
I’m running OS X Sierra Apache Derby Network Server - 10.6.2.1 - 
(999685) under Java version 1.8.0_31-b13.


Thanks in advance

Nick

Re: Security problem with ggregate functions using Java

[toma.george89]

Hi Nicholas,


I think that your issue is due to java policy ( either you need to change your 
Java policy file, or if you supply any do your derby context, update this one ).


Please check https://docs.oracle.com/cd/E19225-01/820-5594/ahtbo/index.html, 
and 

this 
http://docs.oracle.com/javase/7/docs/technotes/guides/security/permissions.html 

for more information.


In the end , I believe that you will need to append accessClassInPackage rights 
to the derby aggregator, org.apache.derby.agg.Aggregator;.



E.g. :

grant{ 
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.derby.agg";
}



Regards,

George











Sent from Windows Mail





From: nicholas walton
Sent: ‎Friday‎, ‎February‎ ‎17‎, ‎2017 ‎7‎:‎42‎ ‎PM
To: derby-user@db.apache.org




Hi,



I need to extend Java’s aggregate functions to include Median, using the code 
below




import java.util.ArrayList;
import java.util.Collections;
import org.apache.derby.agg.Aggregator;

public class median> 
  implements Aggregator
{
  private ArrayList _values;

  public median() {}

  public void init() { _values = new ArrayList(); }

  public void accumulate( V value ) { _values.add( value ); }

  public void merge( median other )
  { 
  _values.addAll( other._values ); 
  }

  public V terminate()
  {
  Collections.sort( _values );

  int count = _values.size();

  if ( count == 0 ) { return null; }
  else { return _values.get( count/2 ); }
  }
}




To install I used




CALL 
SQLJ.INSTALL_JAR('/Users/nwalton/Documents/Databases/derbyStats/dist/derbyStats.jar',
 'NWALTON.median',0);
CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY 
('derby.database.classpath','NWALTON.median’);



CREATE DERBY AGGREGATE "NWALTON"."MEDIAN" FOR DOUBLE RETURNS DOUBLE EXTERNAL 
NAME 'aggregates.median’ ;




At first this works fine in a trigger or in plain SQL but after a while I get 
the following error




Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was thrown 
while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException'.
Line 1, column 1




I’ve Googled to no avail for an answer! Can anyone suggest a solution. I’m 
running OS X Sierra Apache Derby Network Server - 10.6.2.1 - (999685) under 
Java version 1.8.0_31-b13.




Thanks in advance




Nick