[DERBY-3363] AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.net.www.protocol.c) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.3.2.1
Fix Version/s: None
Component/s: Services, Tools
Labels:
- derby_triage10_5_2
Environment:

Hide
------------------ Java Information ------------------
Java Version: 1.5.0_11
Java Vendor: Sun Microsystems Inc.
Java home: C:\Program Files\Java\jre1.5.0_11
Java classpath: derby.jar
OS name: Windows XP
OS architecture: x86
OS version: 5.1
Java user name: Guo Qiang
Java user home: C:\Documents and Settings\Guo Qiang
Java user dir: C:\Repertoire-Server-20080118\RepertoireServer\lib
java.specification.name: Java Platform API Specification
java.specification.version: 1.5
--------- Derby Information --------
JRE - JDBC: J2SE 5.0 - JDBC 3.0
[C:\Repertoire-Server-20080118\RepertoireServer\lib\derby.jar] 10.3.2.1 - (59911
0)

Show
------------------ Java Information ------------------ Java Version: 1.5.0_11 Java Vendor: Sun Microsystems Inc. Java home: C:\Program Files\Java\jre1.5.0_11 Java classpath: derby.jar OS name: Windows XP OS architecture: x86 OS version: 5.1 Java user name: Guo Qiang Java user home: C:\Documents and Settings\Guo Qiang Java user dir: C:\Repertoire-Server-20080118\RepertoireServer\lib java.specification.name: Java Platform API Specification java.specification.version: 1.5 --------- Derby Information -------- JRE - JDBC: J2SE 5.0 - JDBC 3.0 [C:\Repertoire-Server-20080118\RepertoireServer\lib\derby.jar] 10.3.2.1 - (59911 0)

Urgency:
Normal
Bug behavior facts:

Security

Description

I got one AccessControlException when I tried to backup my derby database using code like:

Statement statement;
String dbPath;
...

statement.executeUpdate("CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('" + dbPath + "')");

I run my code with the default security manager installed. The exception stack trace is:

java.security.AccessControlException: access denied (java.lang.RuntimePermission
accessClassInPackage.sun.net.www.protocol.c)
at java.security.AccessControlContext.checkPermission(AccessControlConte
xt.java:264)
at java.security.AccessController.checkPermission(AccessController.java:
427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:151
2)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.net.URL.getURLStreamHandler(URL.java:1141)
at java.net.URL.<init>(URL.java:572)
at java.net.URL.<init>(URL.java:464)
at java.net.URL.<init>(URL.java:413)
at org.apache.derby.impl.store.raw.RawStore.backup(Unknown Source)
at org.apache.derby.impl.store.access.RAMAccessManager.backup(Unknown So
urce)
at org.apache.derby.impl.db.BasicDatabase.backup(Unknown Source)
at org.apache.derby.catalog.SystemProcedures.SYSCS_BACKUP_DATABASE(Unkno
wn Source)
at org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800.g0(Unkno
wn Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.derby.impl.services.reflect.ReflectMethod.invoke(Unknown S
ource)
at org.apache.derby.impl.sql.execute.CallStatementResultSet.open(Unknown
Source)
at org.apache.derby.impl.sql.GenericPreparedStatement.execute(Unknown So
urce)
at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(Unknown So
urce)
at org.apache.derby.impl.jdbc.EmbedStatement.execute(Unknown Source)
at org.apache.derby.impl.jdbc.EmbedStatement.executeUpdate(Unknown Sourc
e)
at com.elixirtech.ers2.db.DBSystem.systemUpdate(Unknown Source)

I did some quick debug. I guess the problem happens because Derby generates some classes on the fly but forgets to assign proper security domains when loading the generated classes (such as 'org.apache.derby.exe.ac3a7f0048x0117xc98bxe062x0000001202800'). When the generated code tried to access some sun.* packages, the security check failed.

Ideally, Derby code should call

ClassLoader.defineClass(String name, byte[] b, int off, int len, ProtectionDomain protectionDomain)

instead of

ClassLoader.defineClass(String name, byte[] b, int off, int len)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

DerbyBackupTest.zip
05/Feb/08 09:11
2.17 MB
Song Guo Qiang

Activity

People

Assignee:: Unassigned

Reporter:: Song Guo Qiang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Jan/08 07:49

Updated:: 15/Feb/11 21:08

Time Tracking

Estimated:

48h

Remaining:

48h

Logged:

Not Specified