Hi Brad,
Writing a valid security policy file can be a bit tricky. I am not sure
that you have identified the codebase of your jar file with a legal URL.
I would expect to see some double slashes in the URL. The following kind
of URL works for me:
grant codeBase "file:///opt/DerbyTrunk/jars/sane/derby.jar"
{
...
};
Hope this helps,
-Rick
bradm6406 wrote:
Hi,
I am trying to add a custom procedure to my Derby database that will backup
the database and then zip the resulting backup folder. I can call the
procedure with no problems and it creates the database backup using a call
to SYSCS_UTIL.SYSCS_BACKUP_DATABASE(). The problem comes when I try to zip
the resulting folder.
I took the zipping code from this URL:
http://www.acm.org/crossroads/xrds6-3/ovp63.html and added the SimpleZip
class to my package. I then added the makeZip procedure to my database. I
can call the makeZip procedure with no problems so I know it is registered
properly in Derby but I get an exception when the code tries to create the
zip file on the hard drive.
This is the error I am getting:
java.sql.SQLException: The exception 'java.security.AccessControlException:
access denied (java.io.FilePermission D:\derby_database\backups\20080215.zip
write)' was thrown while evaluating an expression.
I was assuming that I needed to add additional permissions to my policy
file, so I added this:
grant codeBase "file:${derby.system.home}${/}lib${/}DerbyHelpers.jar"
{
permission java.io.FilePermission "${derby.system.home}${/}backups${/}-",
"read,write,delete";
};
That didn't work. I still got the same error. So I decided to try creating
a new policy file that gave all permissions to everything and see what
happened. My new policy file looks like this:
// Give permissions to all of my Derby jar files, and my custom jar file
grant codeBase "file:${derby.system.home}/lib/-" {
permission java.security.AllPermission;
};
// I have a copy of the Sun JRE in d:\derby\database\java\ that I am using,
give all permissions to all of the java libraries
grant codeBase "file:D:/derby_database/java/lib/-"{
permission java.security.AllPermission;
};
This still doesn't work. Now I'm stumped. I'm very new to Java and just
struggling through it because we decided to use Derby for our program. I
would have thought that giving the FilePermissions to my custom jar file
would have worked but it isn't. Each time I made a change to the policy
file I restarted the network server just to be sure that the new policy file
has been reloaded. I am 100% sure the policy file is being used because if
I change it so that the wrapper.jar file doesn't have the needed permissions
then I get errors when starting the service using the wrapper.
If i call the makeZip function directly from Eclipse then it creates a zip
file with no problems. The error is only occurring when I am running the
code from within Derby.
Any suggestions?
Thanks,
Brad
