Re: SecurityManager question

Wed, 08 Feb 2006 21:04:58 -0800 

Hi Rick,
What does the security policy file say with regard to the jar file? That is, what permissions are granted to the code base defined by the jar? 


As I recall, there are various permissions needed to be granted to  
the Derby code base (regardless of whether it's autoloaded or loaded  
by the application) when running with a security manager. Even  
"trivial" things like permission to access system properties need to  
be explicitly granted to the code base.



Failures in security often appear to be "swallowed" because of one of  
two cases:


1. There is no code to which to report the failure (might be this case)


2. The failure itself is considered a security exposure (file  
permissions problems are sometimes reported as "unable to open file"  
with no further detail as to exactly what file was denied).


Apologies in advance if this has already been discussed.

Craig

On Feb 8, 2006, at 4:37 PM, Rick Hillegas wrote:


Hi Myrna,


Thanks, the problem does occur if I remove the Derby test harness  
from the picture. I have attached to JIRA 930 a patch which  
demonstrates the problem: The Derby drivers fail to autoload when  
you run under a SecurityManager. However, they do autoload if you  
don't install a SecurityManager.


Hi Dan,


Would appreciate any advice which might occur to you given your  
extensive work with SecurityManagers.


Thanks,
-Rick

Myrna van Lunteren wrote:


I am wondering - if you run the test program standalone *with* a  
SecurityManager, what do you get?

 Myrna


 On 2/8/06, *Rick Hillegas* <[EMAIL PROTECTED]  
<mailto:[EMAIL PROTECTED]>> wrote:


    I am tracking down a problem with autoloading jdbc drivers when
    running
    from jar files under the Derby test harness on jdk1.6. Capsule
    summary:


    SUCCESS-1 The drivers correctly autoload (from the information  
in the

    jar file) when I run my test program standalone (without a
    SecurityManager)


    SUCCESS-2 The drivers also correctly autoload if I run the  
test under

    the Derby test harness but disable the SecurityManager

    FAILURE  However, the drivers fail to autoload when I run my test
    program under the default Derby test harness (which sets up a
    SecurityManager)


    The vm silently swallows the failure. When I run these test  
cases with

    the the java -verbose flag, I see the following:

    o For the success cases, the autoloading of the driver is logged.


    o For the failure (Derby test harness) case, around the same  
place in

    the log, I see AccessControlException being loaded. This is never
    loaded
    in the success cases.


    So I seem to have some kind of SecurityManager issue here. But  
what?
    Later on in the failure case, I successfully load the driver  
using

    Class.forName(). What is different in the Derby harness security

    environment between autoload time and Class.forName() time?  
How can I

    instrument vm startup to tease open the swallowed
    AccessControlException? Would appreciate any advice you may have.

    Thanks,
    -Rick






Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:[EMAIL PROTECTED]
P.S. A good JDO? O, Gasp!




Attachment:
smime.p7s

Description: S/MIME cryptographic signature






















					Reply via email to