I'll open an issue, as you suggest, with the information you
requested. And no, I can't provide a minimum reproducible case yet. A
problem with doing so is that the behavior appears to be sporadic. I
haven't found a way to reproduce it reliably yet.
On Thu, Jun 6, 2019 at 8:15 PM Bryan Pendleton
<[email protected] <mailto:[email protected]>> wrote:
Probably best to open an issue in the Derby JIRA, to help keep the
conversation easy to find and track.
Can you share the complete stack trace of the AccessControlException?
Can you share a run of 'sysinfo' in a configuration where this occurs?
I don't suppose you've been able to whittle this down to a Minimum
Reproducible Case yet, have you?
thanks,
bryan
On Thu, Jun 6, 2019 at 6:22 AM Besosa, Michael
<[email protected] <mailto:[email protected]>>
wrote:
>
> We're still interested in ideas about this problem. We are
getting occasional AccessControlExceptions in an environment with
no SecurityManager installed. This behavior appears to have
started when we migrated our application to Java 8. It was never
seen prior to that. If there is additional information that would
be useful, please let me know.
>
> On Mon, Jun 3, 2019 at 8:17 PM Bryan Pendleton
<[email protected] <mailto:[email protected]>>
wrote:
>>
>> Ah, good point.
>>
>> Yes, I missed that, and yes I was thinking about the network
server.
>>
>> Sorry about that.
>>
>> bryan
>>
>> On Mon, Jun 3, 2019 at 8:37 AM Besosa, Michael
>> <[email protected]
<mailto:[email protected]>> wrote:
>> >
>> > Thinking about it a bit more, I wonder if you missed that
this is using the embedded engine, not the network server. I know
that the network server installs a security manager by default,
and that there is a system property that can be set to disable
that behavior. But that's not applicable in our situation.
>> >
>> > On Mon, Jun 3, 2019 at 8:52 AM Besosa, Michael
<[email protected] <mailto:[email protected]>>
wrote:
>> >>
>> >> I don't understand what you mean when you say, "Even if you
don't install a Java security manager...you get a security manager
anyway." I don't have (haven't installed) a security manager and
System.getSecurityManager() returns null. And if I "really,
really" don't want a security manager, how can I say so, other
than executing System.setSecurityManager(null)?
>> >>
>> >> On Fri, May 31, 2019 at 9:03 PM Bryan Pendleton
<[email protected] <mailto:[email protected]>>
wrote:
>> >>>
>> >>> I feel like you're probably hitting DERBY-6648:
>> >>>
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_DERBY-2D6648&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=Hutrm_MTSwNDtab2E2bMNCxLo0eDRIZrB1B5x2AL-1k&e=
>> >>>
>> >>> Even if you don't install a Java security manager (perhaps
especially
>> >>> if that is so), you get a security manager anyway.
>> >>>
>> >>> If you really, really don't want a security manager, you
can say so.
>> >>>
>> >>> Or, bite the bullet and define a security manager, and start
>> >>> assembling the precise security policy that is right for your
>> >>> particular situation, as in:
>> >>>
https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_a_52392015_193453&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=uackNzNN36boV8-m6DGN7VJOPwN4tnfuUwgQBgOmv0I&e=
,
>> >>>
https://urldefense.proofpoint.com/v2/url?u=https-3A__db.apache.org_derby_docs_10.13_security_csecembeddedperms.html&d=DwIFaQ&c=0YLnzTkWOdJlub_y7qAx8Q&r=Wl0HX9k4fXSgP8TsHwfE2EzboRhWUZIw3D92MjZ0k8A&m=jAZ8M-UCTv0Ms-FrB1NaYA62mIGrbUhHirW9AxhEyxw&s=53JhmaGEsK92jA_W0ofwQrvGLuaZ-TLXOiDawh9P3rQ&e=
>> >>> , etc.
>> >>>
>> >>> bryan
>> >>>
>> >>> On Fri, May 31, 2019 at 11:58 AM Besosa, Michael
>> >>> <[email protected]
<mailto:[email protected]>> wrote:
>> >>> >
>> >>> > We have an application that is using the Derby 10.12.1.1
embedded engine and Java 8. When the app executes the SELECT shown
below, we see an exception with the message 'access denied
org.apache.derby.security.SystemPermission( "engine",
"usederbyinternals" ): java.security.AccessControlException'.
>> >>> >
>> >>> > This application does not install a SecurityManager. I'm
at a bit of a loss about how to fix this.
>> >>> >
>> >>> > The query:
>> >>> >
>> >>> > SELECT
>> >>> > DeliveryEvent.AppointmentStart,
>> >>> > DeliveryEvent.Attempt,
>> >>> > DeliveryEvent.BiometricCheckTypeCode,
>> >>> > DeliveryEvent.CandidateID,
>> >>> > DeliveryEvent.DeliveryStatus,
>> >>> > DeliveryEvent.ExamLanguageID,
>> >>> > DeliveryEvent.HasNoTestListBlock,
>> >>> > DeliveryEvent.IsDisconnectedIBTDelivery,
>> >>> > DeliveryEvent.NextAppointmentID,
>> >>> > DeliveryEvent.ProcessStateCode,
>> >>> > DeliveryEvent.ProctorID,
>> >>> > DeliveryEvent.RegisteredExamVersionID,
>> >>> > DeliveryEvent.RegistrationID,
>> >>> > DeliveryEvent.SelectedFormID,
>> >>> > DeliveryEvent.SelectedExamVersionID,
>> >>> > DeliveryEvent.TerminationDate,
>> >>> > DeliveryEvent.TimeLimit,
>> >>> > DeliveryEvent.TimeLimitAdjust,
>> >>> > Clients.Client_ID AS ClientID,
>> >>> > Clients.ClientName AS ClientName,
>> >>> > ExamSeries.Code AS ExamSeriesCode,
>> >>> > ExamVersion.DriverID AS DriverID,
>> >>> > ExamLanguage.Title AS TranslatedTitle,
>> >>> > (SELECT AppUser.FirstName || ' ' ||
AppUser.LastName FROM ((((((AssetAppUser INNER JOIN AppUser ON
AssetAppUser.AppUserID = AppUser.ID) INNER JOIN AssetUsage ON
AssetAppUser.AssetID = AssetUsage.AssetID) INNER JOIN Asset ON
AssetUsage.AssetID = Asset.ID) INNER JOIN AssetType ON
Asset.AssetTypeID = AssetType.ID) INNER JOIN AssetTypeProperty ON
AssetType.ID = AssetTypeProperty.AssetTypeID AND
AssetTypeProperty.AssetTypePropertyValue = 'Examiner') INNER JOIN
AssetTypePropertyKey ON AssetTypeProperty.AssetTypePropertyKeyID =
AssetTypePropertyKey.AssetTypePropertyKeyID AND
AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass')
WHERE (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID)
FETCH FIRST 1 ROWS ONLY) AS ExaminerName,
>> >>> > (SELECT Asset.Name FROM ((((Asset INNER JOIN
AssetType ON Asset.AssetTypeID = AssetType.ID) INNER JOIN
AssetUsage ON Asset.ID = AssetUsage.AssetID) INNER JOIN
AssetTypeProperty ON AssetType.ID = AssetTypeProperty.AssetTypeID
AND AssetTypeProperty.AssetTypePropertyValue = 'Vehicle') INNER
JOIN AssetTypePropertyKey ON
AssetTypeProperty.AssetTypePropertyKeyID =
AssetTypePropertyKey.AssetTypePropertyKeyID AND
AssetTypePropertyKey.AssetTypePropertyKeyName = 'AssetSubClass')
WHERE (AssetUsage.OrderItemID = DeliveryEvent.RegistrationID) AND
(AssetType.AssetClassCode IN
('Facility','Workstation','CiscoRack','TaskSchedule')) FETCH FIRST
1 ROWS ONLY) AS VehicleName,
>> >>> > (SELECT COUNT(*) FROM (Accommodation INNER JOIN
AccommodationStatus ON Accommodation.AccommodationStatusID =
AccommodationStatus.AccommodationStatusID AND
AccommodationStatus.StatusCode = 'Granted') WHERE
(Accommodation.OrderItemID = DeliveryEvent.RegistrationID)) AS
AccommodationCount,
>> >>> > (SELECT COUNT(*) FROM DeliveryBlockedReason WHERE
(DeliveryBlockedReason.DeliveryEventID =
DeliveryEvent.RegistrationID)) AS ReasonsBlockedCount,
>> >>> > (SELECT DeliveryEventNext.RegistrationID FROM
DeliveryEvent AS DeliveryEventNext WHERE
(DeliveryEvent.RegistrationID =
DeliveryEventNext.NextAppointmentID)) AS FirstDayRegistrationID
>> >>> > FROM ((((
>> >>> > DeliveryEvent
>> >>> > INNER JOIN ExamLanguage
>> >>> > ON DeliveryEvent.ExamLanguageID =
ExamLanguage.ID)
>> >>> > INNER JOIN ExamSeriesON ExamLanguage.ExamSeriesID
= ExamSeries.ID)
>> >>> > INNER JOIN Clients
>> >>> > ON ExamSeries.Client_ID = Clients.Client_ID)
>> >>> > LEFT JOIN ExamVersion
>> >>> > ON DeliveryEvent.RegisteredExamVersionID = ExamVersion.ID)
>> >>> > WHERE
>> >>> > (DeliveryEvent.RegistrationID = 5)
