通过Google和StackOverflow花了几个小时后,我在这里问你一个关于这个错误的问题:
Fri Jan 17 10:54:17 IST 2014 : Security manager installed using the Basic server security policy.
Fri Jan 17 10:54:17 IST 2014 : access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkListen(SecurityManager.java:1134)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at javax.net.DefaultServerSocketFactory.createServerSocket(ServerSocketFactory.java:231)
at org.apache.derby.impl.drda.NetworkServerControlImpl.createServerSocket(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.access$000(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(Unknown Source)
at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
当我尝试启动JavaDB时,我得到了这个。它根本不起作用,我几乎尝试了互联网上的所有内容,非常感谢您的帮助,谢谢!
答案 0 :(得分:1)
答案 1 :(得分:0)
是的,但只是修复监听端口可能不足以完成这个魅力。
当您查看德比文档时,请说: http://db.apache.org/derby/docs/10.9/adminguide/tadminnetservbasic.html
您会看到有相当多的重要权限。不只是能够打开一个端口。 写入文件,阅读文件等。
因此,JRE 7比JRE 6更具限制性。 无法保证在java策略中像锤子一样放下你的痛苦只是简单地允许在监听端口上打开套接字。
我的推荐是:
(a)调整您的政策文件。使用derby模板政策
(b)调整启动数据库命令以定义所需的策略引用属性
例如,如果你正在玩玻璃鱼: asadmin start-database --jvmoptions =&#34; -Dderby.install.url =%DERBY_INSTALL_URL%-Dderby.system.home =%DERBY_SYSTEM_HOME%&#34;
其中DERBY_INSTALL_URL是rh形式的字符串:file:/c/mypath/to/a/derby/intallFolder/lib/
// ///////////////////////////////////////////
// COPY PASTED PERMISSIONS FROM THE NET - MAKE SURE THE START DERBY COMMAND DEFINEDS THE ${derby.install.url}
///////////////////////////////////////////////
// REFERENCES:
// http://docs.oracle.com/javadb/10.8.3.0/adminguide/tadminnetservbasic.html
// http://db.apache.org/derby/docs/10.11/adminguide/
// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase "${derby.install.url}derby.jar" {
//
// These permissions are needed for everyday, embedded Derby usage.
//
permission java.lang.RuntimePermission "createClassLoader";
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
// The next two properties are used to determine if the VM is 32 or 64
// bit.
permission java.util.PropertyPermission "sun.arch.data.model", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.io.FilePermission "${derby.system.home}","read";
permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
//
permission java.security.SecurityPermission "getPolicy";
//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
// You may want to restrict this access to specific directories.
//
permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
//
// Permissions needed for JMX based management and monitoring, which is
// only available for JVMs supporting "platform management", that is
// Java SE 5.0 or better.
//
// Allows this code to create an MBeanServer:
//
permission javax.management.MBeanServerPermission "createMBeanServer";
//
// Allows access to Derby's built-in MBeans, within the domain
// org.apache.derby.
// Derby must be allowed to register and unregister these MBeans.
// It is possible to allow access only to specific MBeans, attributes or
// operations. To fine tune this permission, see the javadoc of
// javax.management.MBeanPermission or the JMX Instrumentation and Agent
// Specification.
//
permission javax.management.MBeanPermission
"org.apache.derby.*#[org.apache.derby:*]",
"registerMBean,unregisterMBean";
//
// Trusts Derby code to be a source of MBeans and to register these in
// the MBean server.
//
permission javax.management.MBeanTrustPermission "register";
// getProtectionDomain is an optional permission needed for printing
// classpath information to derby.log
permission java.lang.RuntimePermission "getProtectionDomain";
//
// The following permission must be granted for
// Connection.abort(Executor) to work. Note that this permission
// must also be granted to outer (application) code domains.
//
permission java.sql.SQLPermission "callAbort";
};
// grant codeBase "${derby.install.url}derbynet.jar"{
// grant codeBase "file:/D:/cranebox-package/package/cranebox/glassfish-v3/javadb/lib/derbynet.jar" {
grant codeBase "${derby.install.url}derbynet.jar"{
permission java.net.SocketPermission "localhost:1527", "listen";
//
// This permission lets the Network Server manage connections from
// clients.
//
// Accept connections from any host. Derby is listening to the host
// interface specified via the -h option to "NetworkServerControl
// start" on the command line, via the address parameter to the
// org.apache.derby.drda.NetworkServerControl constructor in the API
// or via the property derby.drda.host; the default is localhost.
// You may want to restrict allowed hosts, e.g. to hosts in a specific
// subdomain, e.g. "*.example.com".
permission java.net.SocketPermission "*", "accept";
//
// Needed for server tracing.
//
permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
"read,write,delete";
//
// JMX: Uncomment this permission to allow the ping operation of the
// NetworkServerMBean to connect to the Network Server.
//permission java.net.SocketPermission "*", "connect,resolve";
//
// Needed by sysinfo. The file permission is needed to
// check the existence of jars on the classpath. You can
// limit this permission to just the locations which hold
// your jar files.
//
// In this template file, this block of permissions is granted
// to derbynet.jar under the assumption that derbynet.jar is
// the first jar file in your classpath which contains the
// sysinfo classes. If that is not the case, then you will want
// to grant this block of permissions to the first jar file
// in your classpath which contains the sysinfo classes.
// Those classes are bundled into the following Derby
// jar files:
//
// derbynet.jar
// derby.jar
// derbyclient.jar
// derbytools.jar
//
permission java.util.PropertyPermission "user.*", "read";
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "java.class.path", "read";
permission java.util.PropertyPermission "java.runtime.version", "read";
permission java.util.PropertyPermission "java.fullversion", "read";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.io.FilePermission "java.runtime.version", "read";
permission java.io.FilePermission "java.fullversion", "read";
};
(c)如果你是绝望的,只是想让数据库快速启动而你只是不关心安全性。只需将此锤子放入JRE的安全策略中即可:
permission java.security.AllPermission "", "";