bradm6406 wrote:
Hi,
I am having problems running code from within a signed jar file if the jar
file has been loaded into the database using sqlj.install_jar.
I have signed my jar file and if I add the jar file to my Java ClassPath
then the policy file below works just fine and I can run the code in my jar
file. If I remove the jar file from my Java ClassPath and install the jar
into the database using sqlj.install_jar('my.jar', 'APP.myClass') and
SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY('derby.database.classpath',
'APP.myClass') then I get the error "The exception
'java.security.AccessControlException: access denied
(java.util.PropertyPermission derby.system.home read)' was thrown while
evaluating an expression." when trying to read the derby.system.home
property in code inside my jar file.
I am using the default security manager (java.security.manager="").
Here are the relevant pieces of my policy file.
------------------------------------------------------------
keystore "my.keystore";
grant signedBy "myalias"
{
permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
permission java.util.PropertyPermission "derby.*", "read";
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.util.PropertyPermission "user.dir", "read";
};
------------------------------------------------------------
I tried setting the keystore value to "${derby.system.home}${/}my.keystore";
in case the problem was that Derby was unable to find my.keystore without
having the full path to it, but that didn't work.
I am using Derby 10.3.2.1 on a Windows XP Pro machine.
Any suggestions?
Can you share the stack trace?
The only thing I can think of is you are not getting the system property
in a privileged block, but then that should also fail if the jar is on
the classpath. (assuming this is being called in both cases from a SQL
procedure or function implemented in Java).
Dan.
