Derby
  1. Derby
  2. DERBY-3363

AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.net.www.protocol.c)

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 10.3.2.1
    • Fix Version/s: None
    • Component/s: Services, Tools
    • Environment:
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      I got one AccessControlException when I tried to backup my derby database using code like:

      Statement statement;
      String dbPath;
      ...

      statement.executeUpdate("CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('" + dbPath + "')");

      ==

      I run my code with the default security manager installed. The exception stack trace is:

      java.security.AccessControlException: access denied (java.lang.RuntimePermission
      accessClassInPackage.sun.net.www.protocol.c)
      at java.security.AccessControlContext.checkPermission(AccessControlConte
      xt.java:264)
      at java.security.AccessController.checkPermission(AccessController.java:
      427)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
      at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:151
      2)
      at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
      at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
      at java.net.URL.getURLStreamHandler(URL.java:1141)
      at java.net.URL.<init>(URL.java:572)
      at java.net.URL.<init>(URL.java:464)
      at java.net.URL.<init>(URL.java:413)
      at org.apache.derby.impl.store.raw.RawStore.backup(Unknown Source)
      at org.apache.derby.impl.store.access.RAMAccessManager.backup(Unknown So
      urce)
      at org.apache.derby.impl.db.BasicDatabase.backup(Unknown Source)
      at org.apache.derby.catalog.SystemProcedures.SYSCS_BACKUP_DATABASE(Unkno
      wn Source)
      at org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800.g0(Unkno
      wn Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.derby.impl.services.reflect.ReflectMethod.invoke(Unknown S
      ource)
      at org.apache.derby.impl.sql.execute.CallStatementResultSet.open(Unknown
      Source)
      at org.apache.derby.impl.sql.GenericPreparedStatement.execute(Unknown So
      urce)
      at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(Unknown So
      urce)
      at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
      at org.apache.derby.impl.jdbc.EmbedStatement.executeUpdate(Unknown Sourc
      e)
      at com.elixirtech.ers2.db.DBSystem.systemUpdate(Unknown Source)

      ==

      I did some quick debug. I guess the problem happens because Derby generates some classes on the fly but forgets to assign proper security domains when loading the generated classes (such as 'org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800'). When the generated code tried to access some sun.* packages, the security check failed.

      Ideally, Derby code should call

      ClassLoader.defineClass(String name, byte[] b, int off, int len, ProtectionDomain protectionDomain)

      instead of

      ClassLoader.defineClass(String name, byte[] b, int off, int len)

      1. DerbyBackupTest.zip
        2.17 MB
        Song Guo Qiang

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Song Guo Qiang
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:

              Time Tracking

              Estimated:
              Original Estimate - 48h
              48h
              Remaining:
              Remaining Estimate - 48h
              48h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development