Hi,

Sorry for the late reply to this mail but I was able to create and test a
configuration and I have some doubts and questions.
I ask you if you can review my config that I describe in the mail.
I am sorry if it is a long email, I hope someone will read it :)

In my test environment I have the directory with databases in /tmp/1/ and
as derby installation directory /tmp/2/ so I have
/tmp/2/db-derby-10.15.2.0-bin/lib.

I put my databases in /tmp/1 so I have /tmp/1/db1 , /tmp/1/db2 etc. and I
created in the same dir a new database named credentials where I enabled
native authentication that will be used by the network server for shutdown
with user/password.

I created /tmp/1/derby.properties file with content:

derby.authentication.provider=NATIVE:credentials

I edited the server template that comes from the templates dir in the demo
dir (I paste it at the end of the email) and I put it
/tmp/2/db-derby-10.15.2.0-bin/lib.

To run the server I use, from /tmp/2/db-derby-10.15.2.0-bin/lib :

java -Djava.security.policy=serverTemplate.policy
-Dderby.system.home=/tmp/1  -jar derbyrun.jar server start

Every database in /tmp/1 has native authentication enabled, so every
database has its own user/password different for each one.

It seems to work: I can connect to the various databases and to shutdown
the server I have to use

java -jar derbyrun.jar server shutdown -user someuser -password somepassword

where someuser and somepassword are the ones that I defined in the
credentials database.

Is my test environment/configuration correct ?

I have other questions:

1 - it’s not clear to me how credentials db used by the server affects the
creation of new databases. I see that to create a database I have to use
the same credentials I saved in the credentials database, but if I have a
database just created, so not new, with its owner defined this will not
affect this database, right? Also It’s not clear if I have to use
derby.authentication.provider=NATIVE:credentials or
derby.authentication.provider=NATIVE:credentials:LOCAL for server
credentials in /tmp/1/derby.properties.
This can be ok, what I would like is to disable or make passwords protect
the creation of databases on the server but in most cases I will use
databases that I created before I put them on the server, with their
user/password so if this is how it works for me is ok.

2 - Does the shutdown of the server imply the shutdown of every database ?
Is it enough ? I don’t have to call shutdown to every database individually
I suppose.

Thanks for the help, I copy my server policy file where I just substituted
${derby.install.url} with file:///tmp/2/db-derby-10.15.2.0-bin/lib/.

-Fed

// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements.  See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License.  You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

grant codeBase "file:///tmp/2/db-derby-10.15.2.0-bin/lib/derbyshared.jar"
{
  // Needed to determine whether the JVM was booted with a module path.
  permission java.util.PropertyPermission "jdk.module.path", "read";

  // Need in order to read message localizations from other derby jars
  // when running with a module path.
  permission java.io.FilePermission "${derby.install.path}${/}-", "read";

  // Gives permission for JMX to be used against Derby
  // but only if JMX authentication is not being used.
  // In that case the application would need to create
  // a whole set of fine-grained permissions to allow specific
  // users access to MBeans and actions they perform.
  permission org.apache.derby.shared.common.security.SystemPermission
"engine", "monitor";
  permission org.apache.derby.shared.common.security.SystemPermission
"server", "monitor";

};

grant codeBase "file:///tmp/2/db-derby-10.15.2.0-bin/lib/derby.jar"
{
  // These permissions are needed for everyday, embedded Derby usage.
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission org.apache.derby.shared.common.security.SystemPermission
"engine", "usederbyinternals";
  permission java.io.FilePermission "${derby.system.home}","read,write";
  permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
  permission java.io.FilePermission
"${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission
"${derby.system.home}${/}derby.log", "read,write,delete";

  // Properties needed to determine if the VM is 32 or 64 bit.
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";

  // Gives permission for JMX to be used against Derby
  // but only if JMX authentication is not being used.
  // In that case the application would need to create
  // a whole set of fine-grained permissions to allow specific
  // users access to MBeans and actions they perform.
  permission org.apache.derby.shared.common.security.SystemPermission
"jmx", "control";
  permission org.apache.derby.shared.common.security.SystemPermission
"engine", "monitor";
  permission org.apache.derby.shared.common.security.SystemPermission
"server", "monitor";

  // Permissions needed for JMX based management and monitoring.
  permission javax.management.MBeanServerPermission "createMBeanServer";

  // Allows access to Derby's built-in MBeans, within the domain
  // org.apache.derby.  Derby must be allowed to register and unregister these
  // MBeans.  To fine tune this permission, see the javadoc of
  // javax.management.MBeanPermission or the JMX Instrumentation and
Agent Specification.
  permission javax.management.MBeanPermission
"org.apache.derby.*#[org.apache.derby:*]",
"registerMBean,unregisterMBean";

  // Trusts Derby code to be a source of MBeans and to register these
in the MBean server.
  permission javax.management.MBeanTrustPermission "register";

  // Optional permission needed for printing classpath information to derby.log.
  permission java.lang.RuntimePermission "getProtectionDomain";

  // The following permission must be granted for
Connection.abort(Executor) to work.
  // Note that this permission must also be granted to outer
(application) code domains.
  permission java.sql.SQLPermission "callAbort";

  // Needed by FileUtil#limitAccessToOwner.
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";

  // Needed to create a temp file in order to open a database in a jar file.
  // permission java.io.FilePermission "${java.io.tmpdir}${/}-",
"read,write,delete"

  // Customize the following permission in order to backup and restore
  // Derby databases to/from a secure branch of your file system,
  // preferably one owned by the database owner or the user who booted the JVM:
  // permission java.io.FilePermission "/Users/me/backups/-", "read,write"

  // Customize the following permission in order to export and import
  // tables to/from a secure branch of your file system,
  // preferably one owned by the database owner or the user who booted the JVM:
  // permission java.io.FilePermission "/Users/me/imports/-", "read,write"

  // Customize the following permission in order to load
  // jar files which contain user-written types, aggregates,
functions, and procedures.
  // Those jar files should live in a secure branch of your file system,
  // preferably one owned by the database owner or the user who booted the JVM:
  // permission java.io.FilePermission "/Users/me/myJars/-", "read"

  // This permission lets a DBA reload the policy file while the server
  // is still running. The policy file is reloaded by invoking
  // the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure:
  // permission java.security.SecurityPermission "getPolicy"

  // This permission is needed to call DriverManager.deregisterDriver()
  // and unload the Derby classes:
  // permission java.sql.SQLPermission "deregisterDriver"

};

grant codeBase "file:///tmp/2/db-derby-10.15.2.0-bin/lib/derbytools.jar"
{
  // Access all properties using System.getProperties -
  // ij enumerates the properties in order to open connections
  // for any property set in ij.connection.* and set protocols
  // for any property in ij.protocol.*
  permission java.util.PropertyPermission "*", "read,write";

  // Needed by sysinfo. The file permission is needed to check the existence
  // of jars on the classpath. You can limit this permission to just
the locations
  // which hold your jar files.
  permission java.util.PropertyPermission "user.*", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.class.path", "read";
  permission java.util.PropertyPermission "java.runtime.version", "read";
  permission java.util.PropertyPermission "java.fullversion", "read";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission org.apache.derby.shared.common.security.SystemPermission
"engine", "usederbyinternals";
  permission java.io.FilePermission "<<ALL FILES>>", "read";

};

grant codeBase "file:///tmp/2/db-derby-10.15.2.0-bin/lib/derbynet.jar"
{
  // Needed by FileUtil#limitAccessToOwner.
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
  permission java.util.PropertyPermission
"derby.__serverStartedFromCmdLine", "read,write";

  // Needed for NetworkServerMBean access.
  permission org.apache.derby.shared.common.security.SystemPermission
"server", "control,monitor";
  permission org.apache.derby.shared.common.security.SystemPermission
"engine", "usederbyinternals";

  // Accept connections from any host. Derby is listening to the host interface
  // specified via the -h command line option to "NetworkServerControl start",
  // via the address parameter to the org.apache.derby.drda.NetworkServerControl
  // constructor in the API, or via the property derby.drda.host.
  // The default is localhost.  You may want to restrict allowed hosts,
  // e.g. to hosts in a specific subdomain like "*.example.com".
  permission java.net.SocketPermission "*", "accept";

  // Allow the server to listen to the socket on the port specified with the
  // -p option to "NetworkServerControl start" on the command line, or with
  // the portNumber parameter to the NetworkServerControl constructor in the
  // API, or with the property derby.drda.portNumber. The default is 1527.
  permission java.net.SocketPermission
"localhost:${derby.security.port}", "listen";

  // Needed for server tracing.
  permission java.io.FilePermission
"${derby.drda.traceDirectory}${/}-", "read,write,delete";

};


On Thu, 1 Dec 2022 at 21:13, Rick Hillegas <rick.hille...@gmail.com> wrote:

> Some responses inline...
>
> On 12/1/22 4:15 AM, fed wrote:
>
> Hi,
>
> As you suggested, the issue is the security manager, to be honest I am used
> to java security manager, I read and tested a bit to understand how it
> works.
> My initial setup was server service in a dir, let’s say /dir1 and database
> in another dir let’s say /dir2 so the dirs are distinct to each other.
>
> Considering version 10.15.2.0 running the server without security manager
> works:
>
> java -jar derbyrun.jar server -noSecurityManager start
>
> but reading from documentation I know it is not recommended and advisable
> so I want to use the security manager.
>
> So then I put my db dir inside the lib dir where derbyrun.jar and other
> jars are, so something like lib/db/mydb and running it with
> java -jar derbyrun.jar server start
> and I can access the db even using relative path on jdbc url, db/mydb.
>
> I am not used to derby in server mode, I read the documentation but sorry
> it’s not all clear to me how to use it.
> So from my test I suppose the recommended setup is to create a db dir
> inside lib and put all the dbs inside it ? lib/db/db1, lib/db/db2 etc ?
> right?
>
> Typically, people separate code-bearing directories from data-bearing
> directories. This makes it easier to upgrade to a new version of Derby
> since the database is not located with the old version of Derby code.
> Something like the following:
>
> /Users/me/derbyInstallation/
>
> /Users/me/derbyInstallation/derbyVersions/10.15.2.0
>
> /Users/me/derbyInstallation/derbyHome
>
> /Users/me/derbyInstallation/derbyHome/db1
>
> /Users/me/derbyInstallation/derbyHome/db2
>
>
> Just as note I tested again with 10.12.1.1 and I found that forcing the
> security policy with the server template one (I suppose the default
> behaviour is changed with the newer version) it behaves the same like
> 10.15.2.0, I used:
> java
> -Djava.security.policy=/tmp/db-derby-10.12.1.1-bin/demo/templates/server.policy
> -jar derbyrun server start
>
> Note that the supplied policies are just templates. You need to edit them
> in order to use them. See
> https://db.apache.org/derby/docs/10.15/security/csecjavasecurity.html
> That is, at a minimum, you need to copy the template server policy (for
> 10.15.2.0 it's demo/templates/serverTemplate.policy) to some other location
> and edit lines like the following...
>
> grant codeBase "${derby.install.url}derbyshared.jar"
>
>
> ...replacing the ${derby.install.url} symbol with the url handle of your
> Derby code library (file:///Users/me/derbyInstallation/10.15.2.0/) so
> that the lines look like this:
>
> grant codeBase "file:///Users/me/derbyInstallation/10.15.2.0/derbyshared.jar"
>
> Hope this helps,
>
> -Rick
>
> Thanks for the help.
>
> On Fri, 25 Nov 2022 at 21:02, Rick Hillegas <rick.hille...@gmail.com> 
> <rick.hille...@gmail.com> wrote:
>
>
> Check that your 10.15 classpath is correct. You need a couple more jar
> files compared to previous releases. Your 10.15 server classpath must
> contain the following jars:
>
>    derby.jar
>    derbyshared.jar
>    derbytools.jar
>    derbynet.jar
>
> See
> https://db.apache.org/derby/docs/10.15/adminguide/tadminappschangingyourclasspath.html
> and
> https://db.apache.org/derby/docs/10.15/publishedapi/org.apache.derby.server/module-summary.html
>
>
> On 11/25/22 9:51 AM, Rick Hillegas wrote:
>
> This indicates that the server is running with a Java SecurityManager
> and that the policy file does not grant read permission on that
> file--and probably all files in the database directory.
>
> On 11/25/22 12:30 AM, fed wrote:
>
> Hi,
>
> testing with 10.15.2.0 from derby.log, server side, it complains about a
> read permission on service.properties, some part of the file:
>
> java.sql.SQLException: Impossibile avviare il database
> '/home/user/db/' con
> il caricatore di classi
> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
> dettagli,
> vedere l'eccezione successiva.
> ...
> Caused by: java.security.AccessControlException: access denied
> ("java.io.FilePermission" "/home/user/db/service.properties" "read")
> ...
> ERROR XBM0C: Privilegio mancante per l'operazione 'exists' sul file
> 'service.properties': access denied ("java.io.FilePermission"
> "/home/user/db/service.properties" "read")
>
>
> There are several errors like these ones but I have read permission
> on this
> file.
> The user that starts the server is the same that owns the file, the
> permissions on the file are 664.
>
> As I said, same setup but using 10.12.1.1 for the server, I have no
> problems.
>
> Best Regards
> -fed
>
> On Thu, 24 Nov 2022 at 19:52, Rick Hillegas <rick.hille...@gmail.com> 
> <rick.hille...@gmail.com>
> wrote:
>
>
> The SQLState indicates that the server was not able to boot the
> database. Look in the server-side derby.log to see if there is a
> detailed error message describing why the boot failed.
>
> On 11/23/22 4:42 PM, fed wrote:
>
> Hi,
>
> Sorry for the late answer but I lost your reply.
>
> Two tests:
>
> I have a database updated to version 10.12.1.1, the server is running
>
> with
>
> the 10.12.1.1 too and the client is using 10.12.1.1 too, the
> connection
>
> is
>
> OK, I can use this setup.
>
> But another test:
> still the same database updated to version 10.12.1.1, the server is
>
> running
>
> 10.15.2.0 so a newer version and the client is using 10.12.1.1: I
>
> have
>
> problems in this case the client can't connect to the database with
> this
> error:
>
> Caused by: org.apache.derby.client.am.SqlException: DERBY SQL error:
> ERRORCODE: 40000, SQLSTATE: XJ040, SQLERRMC: Impossibile avviare il
> database '/home/user/some_db_path/' con il caricatore di classi
> jdk.internal.loader.ClassLoaders$AppClassLoader@277050dc. Per i
>
> dettagli,
>
> vedere l'eccezione successiva.::SQLSTATE: XBM0C
>
> Thanks for the help
>
>
>
> On Sun, 13 Nov 2022 at 15:26, Bryan Pendleton <
>
> bpendleton.de...@gmail.com>
>
> wrote:
>
>
> I'm not aware of client-server version incompatibilities. Have you
> done any experiments with different versions?
>
> thanks,
>
> bryan
>
> On Thu, Nov 10, 2022 at 4:16 AM fed <fury...@gmail.com> <fury...@gmail.com> 
> wrote:
>
> Hi,
>
> using derby with network server setup is there any problem if the
>
> server
>
> and the client are running on different java versions?
>
> Still on this, considering the database created/updated with the
> apache
>
> derby version that the client uses, is there any problem if the
> server
>
> will
>
> use a newer version of apache derby?
>
> Thanks for the help
>
> -fed
>
>
>

Reply via email to