[
https://issues.apache.org/jira/browse/DERBY-5411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kathey Marsden updated DERBY-5411:
----------------------------------
Component/s: Network Client
> Client that does not have Security manager permission to connect gets "ERROR
> 08006: Insufficient data while reading from the network" Message should be
> clearer
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-5411
> URL: https://issues.apache.org/jira/browse/DERBY-5411
> Project: Derby
> Issue Type: Bug
> Components: Network Client
> Affects Versions: 10.8.2.2
> Reporter: Kathey Marsden
> Priority: Minor
>
> I was doing a little remote testing for the release candidate and noticed if
> a machine does not have permission to connect, then the client shows the
> following exception:
> ij> connect 'jdbc:derby://9.72.133.41:1527/wombat';
> ERROR 08006: Insufficient data while reading from the network - expected a
> minimum of 6 bytes and received only 0 bytes. The connection has been term
> inated.
> java.sql.SQLNonTransientConnectionException: Insufficient data while reading
> from the network - expected a minimum of 6 bytes and received only 0 byte
> s. The connection has been terminated.
> at
> org.apache.derby.client.am.SQLExceptionFactory40.getSQLException(Unknown
> Source)
> at org.apache.derby.client.am.SqlException.getSQLException(Unknown
> Source)
> at org.apache.derby.jdbc.ClientDriver.connect(Unknown Source)
> at java.sql.DriverManager.getConnection(DriverManager.java:322)
> at java.sql.DriverManager.getConnection(DriverManager.java:297)
> at org.apache.derby.impl.tools.ij.ij.dynamicConnection(Unknown Source)
> at org.apache.derby.impl.tools.ij.ij.ConnectStatement(Unknown Source)
> at org.apache.derby.impl.tools.ij.ij.ijStatement(Unknown Source)
> at org.apache.derby.impl.tools.ij.utilMain.runScriptGuts(Unknown
> Source)
> at org.apache.derby.impl.tools.ij.utilMain.go(Unknown Source)
> at org.apache.derby.impl.tools.ij.Main.go(Unknown Source)
> at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
> at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
> at org.apache.derby.tools.ij.main(Unknown Source)
> Caused by: org.apache.derby.client.am.DisconnectException: Insufficient data
> while reading from the network - expected a minimum of 6 bytes and receiv
> ed only 0 bytes. The connection has been terminated.
> at org.apache.derby.client.net.Reply.fill(Unknown Source)
> at org.apache.derby.client.net.Reply.ensureALayerDataInBuffer(Unknown
> Source)
> at org.apache.derby.client.net.Reply.readDssHeader(Unknown Source)
> at org.apache.derby.client.net.Reply.startSameIdChainParse(Unknown
> Source)
> at
> org.apache.derby.client.net.NetConnectionReply.readExchangeServerAttributes(Unknown
> Source)
> at
> org.apache.derby.client.net.NetConnection.readServerAttributesAndKeyExchange(Unknown
> Source)
> at
> org.apache.derby.client.net.NetConnection.flowServerAttributesAndKeyExchange(Unknown
> Source)
> at
> org.apache.derby.client.net.NetConnection.flowUSRIDONLconnect(Unknown Source)
> at org.apache.derby.client.net.NetConnection.flowConnect(Unknown
> Source)
> at org.apache.derby.client.net.NetConnection.<init>(Unknown Source)
> at org.apache.derby.client.net.NetConnection40.<init>(Unknown Source)
> at
> org.apache.derby.client.net.ClientJDBCObjectFactoryImpl40.newNetConnection(Unknown
> Source)
> ... 12 more
> It would be good to have a clearer error message:
> To Reproduce, use the script and policy file below changing the url for
> derby.codejars to the correct path for your enviroment also in the policy
> file my.policy exchange x.x.x.x with the permitted host and y.y.y.y with the
> disallowed host. Then try to connect from the disllowed host with connect
> 'jdbc:derby://x.x.x.x:1527/wombat';
> Script startServer.sh:
> java -Djava.security.manager
> -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/"
> -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl
> start -h 0.0.0.0
> Policy File my.policy (change x.x.x.x and y.y.y.y) to the allowed and
> disallowed host respectively. )Since the y.y.y.y line is commented it is not
> really relevant except for testing that remote connections work properly)
> grant codeBase "${derby.codejars}derby.jar"
> {
> //
> // These permissions are needed for everyday, embedded Derby usage.
> //
> permission java.lang.RuntimePermission "createClassLoader";
> permission java.util.PropertyPermission "derby.*", "read";
> permission java.util.PropertyPermission "user.dir", "read";
> permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
> "write";
> permission java.io.FilePermission "${user.dir}${/}-", "read";
> permission java.io.FilePermission "${derby.system.home}","read";
> permission java.io.FilePermission "${derby.system.home}${/}-",
> "read,write,delete";
> //
> // This permission lets a DBA reload the policy file while the server
> // is still running. The policy file is reloaded by invoking the
> // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
> //
> permission java.security.SecurityPermission "getPolicy";
> //
> // This permission lets you backup and restore databases
> // to and from arbitrary locations in your file system.
> //
> // This permission also lets you import/export data to and from
> // arbitrary locations in your file system.
> //
> // You may want to restrict this access to specific directories.
> //
> permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
> permission java.netjava -Djava.security.manager
> -Dderby.codejars="file:c:/cygwin/home/kmarsden/projects/10.8.2testing/db-derby-10.8.2.1-lib/lib/"
> -Djava.security.policy=my.policy org.apache.derby.drda.NetworkServerControl
> start -h 0.0.0.0
> .SocketPermission "*", "connect,resolve";
> };
> grant codeBase "${derby.codejars}derbynet.jar"
> {
> //
> // This permission lets the Network Server manage connections from clients.
> //
> // Accept connections from any host. Derby is listening to the host
> // interface specified via the -h option to "NetworkServerControl
> // start" on the command line, via the address parameter to the
> // org.apache.derby.drda.NetworkServerControl constructor in the API
> // or via the property derby.drda.host; the default is localhost.
> // You may want to restrict allowed hosts, e.g. to hosts in a specific
> // subdomain, e.g. "*.acme.com".
> //permission java.net.SocketPermission "*", "accept,connect,resolve";
> permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
> permission java.net.SocketPermission "localhost", "accept,connect,resolve";
> // This is the host we want to connect
> permission java.net.SocketPermission "x.x.x.x", "accept,connect,resolve";
> // This is the host we want blocked out.
> //permission java.net.SocketPermission "y.y.y.y", "accept,connect,resolve";
> // This permission is required for tracing
> permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
> };
> grant codeBase "${derby.codejars}derbytools.jar"
> {
> // Access all properties using System.getProperties -
> // ij enumerates the properties in order to open connections
> // for any property set in ij.connection.* and set protocols
> // for any property in ij.protocol.*
> permission java.util.PropertyPermission "*", "read, write";
>
> // Read all files under ${user.dir}
> permission java.io.FilePermission "${user.dir}${/}-", "read";
> };
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
