[ https://issues.apache.org/jira/browse/DERBY-5411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bryan Pendleton reassigned DERBY-5411: -------------------------------------- Assignee: Kavin Ranawella > Client that does not have Security manager permission to connect gets "ERROR > 08006: Insufficient data while reading from the network" Message should be > clearer > --------------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: DERBY-5411 > URL: https://issues.apache.org/jira/browse/DERBY-5411 > Project: Derby > Issue Type: Bug > Components: Network Client > Affects Versions: 10.8.2.2 > Reporter: Kathey Marsden > Assignee: Kavin Ranawella > Priority: Minor > Labels: derby_triage10_9 > > I was doing a little remote testing for the release candidate and noticed if > a machine does not have permission to connect, then the client shows the > following exception: > ij> connect 'jdbc:derby://x.xx.xxx.xx:1527/wombat'; > ERROR 08006: Insufficient data while reading from the network - expected a > minimum of 6 bytes and received only 0 bytes. The connection has been term > inated. > java.sql.SQLNonTransientConnectionException: Insufficient data while reading > from the network - expected a minimum of 6 bytes and received only 0 byte > s. The connection has been terminated. > at > org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown > Source) > at org.apache.derby.client.am.SqlException.getSQLException(Unknown > Source) > at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source) > at java.sql.DriverManager.getConnection(DriverManager.java:322) > at java.sql.DriverManager.getConnection(DriverManager.java:297) > at org.apache.derby.impl.tools.ij.ij.dynamicConnection(Unknown Source) > at org.apache.derby.impl.tools.ij.ij.ConnectStatement(Unknown Source) > at org.apache.derby.impl.tools.ij.ij.ijStatement(Unknown Source) > at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(Unknown > Source) > at org.apache.derby.impl.tools.ij.utilMain.go(Unknown Source) > at org.apache.derby.impl.tools.ij.Main.go(Unknown Source) > at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source) > at org.apache.derby.impl.tools.ij.Main.main(Unknown Source) > at org.apache.derby.tools.ij.main(Unknown Source) > Caused by: org.apache.derby.client.am.DisconnectException: Insufficient data > while reading from the network - expected a minimum of 6 bytes and receiv > ed only 0 bytes. The connection has been terminated. > at org.apache.derby.client.net.Reply.fill(Unknown Source) > at org.apache.derby.client.net.Reply.ensureALayerDataInBuffer(Unknown > Source) > at org.apache.derby.client.net.Reply.readDssHeader(Unknown Source) > at org.apache.derby.client.net.Reply.startSameIdChainParse(Unknown > Source) > at > org.apache.derby.client.net.NetConnectionReply.readExchangeServerAttributes(Unknown > Source) > at > org.apache.derby.client.net.NetConnection.readServerAttributesAndKeyExchange(Unknown > Source) > at > org.apache.derby.client.net.NetConnection.flowServerAttributesAndKeyExchange(Unknown > Source) > at > org.apache.derby.client.net.NetConnection.flowUSRIDONLconnect(Unknown Source) > at org.apache.derby.client.net.NetConnection.flowConnect(Unknown > Source) > at org.apache.derby.client.net.NetConnection.<init>(Unknown Source) > at org.apache.derby.client.net.NetConnection40.<init>(Unknown Source) > at > org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.newNetConnection(Unknown > Source) > ... 12 more > It would be good to have a clearer error message: > To Reproduce, use the script and policy file below changing the url for > derby.codejars to the correct path for your enviroment also in the policy > file my.policy exchange x.x.x.x with the permitted host and y.y.y.y with the > disallowed host. Then try to connect from the disllowed host with connect > 'jdbc:derby://x.x.x.x:1527/wombat'; > Script startServer.sh: > java -Djava.security.manager > -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/" > -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl > start -h 0.0.0.0 > Policy File my.policy (change x.x.x.x and y.y.y.y) to the allowed and > disallowed host respectively. )Since the y.y.y.y line is commented it is not > really relevant except for testing that remote connections work properly) > grant codeBase "${derby.codejars}derby.jar" > { > // > // These permissions are needed for everyday, embedded Derby usage. > // > permission java.lang.RuntimePermission "createClassLoader"; > permission java.util.PropertyPermission "derby.*", "read"; > permission java.util.PropertyPermission "user.dir", "read"; > permission java.util.PropertyPermission "derby.storage.jvmInstanceId", > "write"; > permission java.io.FilePermission "${user.dir}${/}-", "read"; > permission java.io.FilePermission "${derby.system.home}","read"; > permission java.io.FilePermission "${derby.system.home}${/}-", > "read,write,delete"; > // > // This permission lets a DBA reload the policy file while the server > // is still running. The policy file is reloaded by invoking the > // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure. > // > permission java.security.SecurityPermission "getPolicy"; > // > // This permission lets you backup and restore databases > // to and from arbitrary locations in your file system. > // > // This permission also lets you import/export data to and from > // arbitrary locations in your file system. > // > // You may want to restrict this access to specific directories. > // > permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; > permission java.netjava -Djava.security.manager > -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/" > -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl > start -h 0.0.0.0 > .SocketPermission "*", "connect,resolve"; > }; > grant codeBase "${derby.codejars}derbynet.jar" > { > // > // This permission lets the Network Server manage connections from clients. > // > // Accept connections from any host. Derby is listening to the host > // interface specified via the -h option to "NetworkServerControl > // start" on the command line, via the address parameter to the > // org.apache.derby.drda.NetworkServerControl constructor in the API > // or via the property derby.drda.host; the default is localhost. > // You may want to restrict allowed hosts, e.g. to hosts in a specific > // subdomain, e.g. "*.acme.com". > //permission java.net.SocketPermission "*", "accept,connect,resolve"; > permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"; > permission java.net.SocketPermission "localhost", "accept,connect,resolve"; > // This is the host we want to connect > permission java.net.SocketPermission "x.x.x.x", "accept,connect,resolve"; > // This is the host we want blocked out. > //permission java.net.SocketPermission "y.y.y.y", "accept,connect,resolve"; > // This permission is required for tracing > permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; > }; > grant codeBase "${derby.codejars}derbytools.jar" > { > // Access all properties using System.getProperties - > // ij enumerates the properties in order to open connections > // for any property set in ij.connection.* and set protocols > // for any property in ij.protocol.* > permission java.util.PropertyPermission "*", "read, write"; > > // Read all files under ${user.dir} > permission java.io.FilePermission "${user.dir}${/}-", "read"; > }; -- This message was sent by Atlassian JIRA (v6.4.14#64029)