Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3363

AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.net.www.protocol.c)

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.3.2.1
    • Fix Version/s: None
    • Component/s: Services, Tools
    • Environment:
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      I got one AccessControlException when I tried to backup my derby database using code like:

      Statement statement;
      String dbPath;
      ...

      statement.executeUpdate("CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('" + dbPath + "')");

      ==

      I run my code with the default security manager installed. The exception stack trace is:

      java.security.AccessControlException: access denied (java.lang.RuntimePermission
      accessClassInPackage.sun.net.www.protocol.c)
      at java.security.AccessControlContext.checkPermission(AccessControlConte
      xt.java:264)
      at java.security.AccessController.checkPermission(AccessController.java:
      427)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:151
      2)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
      at java.net.URL.getURLStreamHandler(URL.java:1141)
      at java.net.URL.<init>(URL.java:572)
      at java.net.URL.<init>(URL.java:464)
      at java.net.URL.<init>(URL.java:413)
      at org.apache.derby.impl.store.raw.RawStore.backup(Unknown Source)
      at org.apache.derby.impl.store.access.RAMAccessManager.backup(Unknown So
      urce)
      at org.apache.derby.impl.db.BasicDatabase.backup(Unknown Source)
      at org.apache.derby.catalog.SystemProcedures.SYSCS_BACKUP_DATABASE(Unkno
      wn Source)
      at org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800.g0(Unkno
      wn Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.derby.impl.services.reflect.ReflectMethod.invoke(Unknown S
      ource)
      at org.apache.derby.impl.sql.execute.CallStatementResultSet.open(Unknown
      Source)
      at org.apache.derby.impl.sql.GenericPreparedStatement.execute(Unknown So
      urce)
      at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(Unknown So
      urce)
      at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
      at org.apache.derby.impl.jdbc.EmbedStatement.executeUpdate(Unknown Sourc
      e)
      at com.elixirtech.ers2.db.DBSystem.systemUpdate(Unknown Source)

      ==

      I did some quick debug. I guess the problem happens because Derby generates some classes on the fly but forgets to assign proper security domains when loading the generated classes (such as 'org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800'). When the generated code tried to access some sun.* packages, the security check failed.

      Ideally, Derby code should call

      ClassLoader.defineClass(String name, byte[] b, int off, int len, ProtectionDomain protectionDomain)

      instead of

      ClassLoader.defineClass(String name, byte[] b, int off, int len)

        Attachments

        1. DerbyBackupTest.zip
          2.17 MB
          Song Guo Qiang

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              superq Song Guo Qiang
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:

                Time Tracking

                Estimated:
                Original Estimate - 48h
                48h
                Remaining:
                Remaining Estimate - 48h
                48h
                Logged:
                Time Spent - Not Specified
                Not Specified