[ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13880392#comment-13880392 ]

Myrna van Lunteren commented on DERBY-6438:
-------------------------------------------

Thanks Knut for the explanations. 

I probably should have grabbed the template.policy file from the source code 
anyway - that one works without changes if I pass the correct parameter for 
derby.install.url.

And I did figure out what I was doing wrong, mostly mistyping the url path for 
the 'derby.install.url' property. For a while I missed the final '/', in a long 
path i.e., in the end I passed in
-Dderby.install.url=file:///c:/[blahblahetc]/1010jars
instead of 
-Dderby.install.url=file:///c:/[blahblahetc]/1010jars/
so it never found the jar files.

Also, I had trouble with the number of slashes after the file parameter.
One, or three worked:
  -Dderby.install.url=file:///c:/jars/1010jars/ 
  -Dderby.install.url=file:/c:/jars/1010jars/
but two did not. 

One more warning for possible users picking up the 1010_server.policy file 
attached to this issue; if you have tracing on, you may need to resolve/pass in 
the property derby.drda.traceDirectory. 

Finally, this is just a note: if I successfully started the server using the 
command identified:
     java -Djava.security.manager -Djava.security.policy=c:/policytst/1010_server.policy -Dderby.security.port=1527 -Dderby.install.url=file:///c:/jars/1010jars/ org.apache.derby.drda.NetworkServerControl start &
I could shut down the server with just:
     java org.apache.derby.drda.NetworkServerControl shutdown
But when I tried to use the same policy file for the shutdown, I needed to add 
"connect, resolve" for the localhost:${derby.security.port}.


> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2, 
> 10.10.1.4, 10.11.0.0
>
>         Attachments: 1010_server.policy, 1010_server.policy, 
> 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html, 
> releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it 
> listens to, but this permission is not granted by the basic server policy 
> that's installed by default. This doesn't cause any problems in most cases, 
> since the JVM's default policy grants all code bases SocketPermission 
> "listen" on a range of ports, and Derby's network server port is within that 
> range.
> Still, the network server should not rely on this fact. It is possible to run 
> the network server on any port, not only those ports that happen to be in the 
> range that's given carte blanche by the platform's default policy. The 
> network server will however not be able to run on those ports with the basic 
> policy currently, only with a custom policy or with the security manager 
> disabled.
> The default policy should make this permission explicit.
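
The derby.install.url pitfalls described in the comment above (missing final '/', two slashes after "file:") can be caught before the server is started. The following is an added example, not part of the original message or of Derby; it assumes the policy file names each jar as `${derby.install.url}derbynet.jar`, and the function name and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the policy builds each codeBase by appending the jar name to the
# property value, e.g. grant codeBase "${derby.install.url}derbynet.jar".
JAR = "derbynet.jar"


def check_install_url(value, jar=JAR):
    """Return (expanded codeBase, problems) for a derby.install.url value."""
    problems = []
    expanded = value + jar  # plain text substitution, no separator is added
    parts = urlsplit(value)
    if parts.scheme != "file":
        problems.append("not a file: URL")
    if parts.netloc:
        # With exactly two slashes the text up to the next '/' is parsed as a
        # host, so "c:" is no longer part of the path to the jars.
        problems.append("host part %r present: use file:/ or file:///" % parts.netloc)
    if not value.endswith("/"):
        # Without the final '/' the jar name fuses with the last directory.
        problems.append("no trailing '/': codeBase becomes %s" % expanded)
    return expanded, problems


if __name__ == "__main__":
    # Constructed sample values modelled on the ones quoted in the comment.
    samples = [
        "file:///c:/jars/1010jars/",
        "file:/c:/jars/1010jars/",
        "file://c:/jars/1010jars/",
        "file:///c:/jars/1010jars",
    ]
    for value in samples:
        expanded, problems = check_install_url(value)
        status = "ok" if not problems else "; ".join(problems)
        print("%-30s -> %s" % (value, status))
```
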



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
