Unable to start derby database from Netbeans 7.4

Question

I downloaded Netbeans 7.4 and Java 7 Update 51. I get the below error when I try to start Java DB or derby connection from Netbeans. This is on a windows 8 PC. I downloaded

Answer 1

This was doing my head in for a bit until I stumbled across the following in the NetBeans wiki

JavaDB grant permissions

JavaDB grant permissions

How to grant permissions for Java DB / How to start Java DB

Related to issue #239962

JDK 7u51 comes with some security improvements which are causing problems with starting Java DB on this Java version.

When you try to start DB from NetBeans you will probably get the Exception:

java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")

The same exception you will get while starting using script /db/bin/startNetworkServer

Because there is no suitable way to fix it on the NetBeans side and this should be fixed on the side of the Java DB.

There are several ways how to deal with this problem. I will mention only the easiest way. You have to start DB manually from command line.

• Start Java DB with -noSecurityManager argument.

(JDK 7u51 location)/db/bin/startNetworkServer -noSecurityManager

Although it’s not exactly a solution it is usable as a quick workaround.

Answer 2

I found a quick solution to this problem - Start your JavaDB from the command line\terminal like so:

<base folder>/db/bin/startNetworkServer -noSecurityManager

Then it runs fine without adding new permissions.

Answer 3

See http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html for the description of the "problem". Search other-libs/javadb

Depending on your requirement, what I did was go and modify the default security policy

cd $JAVA_HOME/jre/lib/security

Edit java.policy (make a backup first!)

Add the following

grant codeBase "file:${java.home}}/../db/lib/*" {
        permission java.security.AllPermission;
};

Note that this is my requirement.

I'm granting every app who uses the u51 JRE the permission to start Derby.

EDIT

The alternative would be to use a less permissive set of permissions like:

grant codeBase "file:${java.home}}/../db/lib/*" {
    permission java.net.SocketPermission "localhost:1527", "listen,resolve";
};

NetBeans, by default, uses the derby version installed with GlassFish. So my permissions look like this on the Mac. It will be similar on Windows, but the path will need to change.

grant codeBase "file:/Applications/NetBeans/glassfish-4.0/javadb/lib/*" {
    permission java.net.SocketPermission "localhost:1527", "listen,resolve";
};

Answer 4

Well, one alternative is to change the port JavaDB listens to, to be now in the high range (such as from 49152 to 65535). Go to Window->Services, then right click Java DB and in "Java DB Properties Dialog" goto to "Database Location", which in my system is "C:\Users\ahernandeza.netbeans-derby" In that directory edit or create the file derby.properties, and add/edit the line: derby.drda.portNumber=XXXX Where XXXX is the new port, in my case i put 51527 and worked just fine.

EDIT At fisrt glance it worked, the service started just fine, but when creating or starting a database in NB, i got the error Unable to connect. CAnnot establish a connection to jdbc:derby://localhost:1527/sample Although i changed the pprt to 51527, it tries to connect to 1527

Answer 5

You can also solve the problem on a per-user basis by granting the needed permission in a file called .java.policy in your home directory.

Works on both Unix and Windows systems as documented here: http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html

This might be useful if the system-wide policy file gets overwritten, for example when updating your JDK, or if you don't have permission to edit the system file.

This is what I have in my $HOME/.java.policy:

grant {
    permission java.net.SocketPermission "localhost:1527", "listen";
};

Answer 6

I got a bit fed up with Oracle's approach to security lately. They seem to be trying to protect us from ourselves in ways that would be more appropriate to naive users than programmers. My view is that the code I put on my own machine should be able to do whatever it needs to. It's my fault if I put code there that does bad things. Clearly not a universally reliable perspective, but it's worked for me for about 35 years. On that basis, I add this to my /lib/security/java.policy file:

grant codeBase "file:/-" {
    permission java.security.AllPermission;
};

note that the file:/- matches any file on the system, and the grant block says, in essence, "if the class is loaded from this file system, then trust it".