1. Derby
  2. DERBY-3614

Granted SystemPermissions are ignored when granted later with same target and different action


    • Type: Bug Bug
    • Status: Open
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s:
    • Fix Version/s: None
    • Component/s: Miscellaneous
    • Environment:
      Security Manager installed, custom policy file
    • Urgency:
    • Bug behavior facts:

      Description represents access to system-wide Derby privileges, such as privileges relating to JMX management and monitoring. A system permission is identified by a name (aka. "target") and optionally an action associated with that name. SystemPermission extends See also DERBY-3491.

      If a SystemPermission is granted for the same target (name) more than once in a set of policy files loaded by the security manager, the last entry seems to overwrite any previous entries, potentially causing SecurityExceptions. Details follow.

      The currently accepted targets are: engine, server, jmx
      The currently accepted actions are: monitor, control, shutdown

      If a policy file specifies e.g.


      { permission "server", "monitor"; permission "server", "control"; }

      then the first ("server", "monitor") permission is ignored when the permission checks are actually performed by the security manager.

      No documentation currently specifies the behavior of SystemPermission in such cases. It seems that the most common and least error-prone way of handling this is to accept each permission grant entry unless there is a conflict between the entries (in which case the result should be well defined and documented).

      Current behavior seems unintuitive and is contrary to the behavior of similar permissions available in the Java platform, e.g. java.util.PropertyPermission which also extends For example, the following grants both "read" and "write" permissions to all Principals and codebases:


      { permission java.util.PropertyPermission "my.sysprop", "write"; permission java.util.PropertyPermission "my.sysprop", "read"; }

      A workaround is to make sure that the same permission/target is not specified more than once within a set of policy files. If more than one action needs to be granted for the same target, the following syntax will work:


      { permission "server", "monitor,control"; }

        Issue Links


          Gavin made changes -
          Workflow jira [ 12428795 ] Default workflow, editable Closed status [ 12798796 ]
          Kathey Marsden made changes -
          Labels derby_triage10_5_2
          Dag H. Wanvik made changes -
          Component/s Miscellaneous [ 11400 ]
          Dag H. Wanvik made changes -
          Component/s Security [ 11411 ]
          Dag H. Wanvik made changes -
          Derby Categories [Security]
          John H. Embretsen made changes -
          Link This issue relates to DERBY-2109 [ DERBY-2109 ]
          John H. Embretsen made changes -
          Link This issue relates to DERBY-3462 [ DERBY-3462 ]
          John H. Embretsen made changes -
          Field Original Value New Value
          Link This issue relates to DERBY-3491 [ DERBY-3491 ]
          John H. Embretsen created issue -


            • Assignee:
              John H. Embretsen
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: