[Pljava-dev] How to configure security manager?

Lists: pljava-dev
From: dgovoni at metadapt(dot)com (dgovoni at metadapt(dot)com)
To:
Subject: [Pljava-dev] How to configure security manager?
Date: 2005-10-29 01:56:05
Message-ID: 200510282156.06146.dgovoni@metadapt.com

Hi,
The user guide didn't seem to have the depth for this, but how can I change
the _java_ security policy to relieve the restriction below? I want to have a
function/trigger with certain (full) system permissions (files,sockets,
system, etc.)

Thank you!
Darren

rath.msnm.NotificationProcessor:
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at rath.msnm.AbstractProcessor.run(AbstractProcessor.java:373)
Caused by: java.lang.ExceptionInInitializerError
    at rath.msnm.NotificationProcessor.processAuth(NotificationProcessor.java:360)
    ... 5 more
Caused by: java.lang.SecurityException
    at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.assertPermission(Backend.java:153)
    at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.nonRecursiveCheck(Backend.java:128)
    at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.checkPermission(Backend.java:106)
    at java.lang.System.setProperty(System.java:654)
    at rath.msnm.util.TWN.<clinit>(TWN.java:61)
    ... 6 more


From: thomas at tada(dot)se (Thomas Hallgren)
To:
Subject: [Pljava-dev] How to configure security manager?
Date: 2005-10-29 08:45:11
Message-ID: 43633697.1070808@tada.se

Hi Darren,
Short version:
You need to declare your special trigger with 'LANGUAGE javaU' and use
an administrator account when you install it.

Longer...
PostgreSQL stipulates that a PL should provide one trusted and one
untrusted language handler. The convention is that the untrusted one
uses the name of the trusted with an appended 'U'. A trusted handler
cannot access external resources (the file system in particular) but the
untrusted one has no such restrictions. Only administrator accounts can
install the latter but anyone can call it once it's installed. PL/Java
uses a standard SecurityManager to enforce this behavior and there's no
way to configure that manager at present.

Regards,
Thomas Hallgren

dgovoni at metadapt.com wrote:
> Hi,
> The user guide didn't seem to have the depth for this, but how can I change
> the _java_ security policy to relieve the restriction below? I want to have a
> function/trigger with certain (full) system permissions (files,sockets,
> system, etc.)
>
> Thank you!
> Darren
>
> rath.msnm.NotificationProcessor:
> java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at rath.msnm.AbstractProcessor.run(AbstractProcessor.java:373)
> Caused by: java.lang.ExceptionInInitializerError
>     at rath.msnm.NotificationProcessor.processAuth(NotificationProcessor.java:360)
>     ... 5 more
> Caused by: java.lang.SecurityException
>     at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.assertPermission(Backend.java:153)
>     at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.nonRecursiveCheck(Backend.java:128)
>     at org.postgresql.pljava.internal.Backend$PLJavaSecurityManager.checkPermission(Backend.java:106)
>     at java.lang.System.setProperty(System.java:654)
>     at rath.msnm.util.TWN.<clinit>(TWN.java:61)
>     ... 6 more
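
An added example, not part of either message above and not PL/Java's own code: what the 'LANGUAGE javaU' declaration from the reply can look like, followed by limiting who may call the function (the reply notes anyone can call it once installed) and a catalog query that lists every function written in an untrusted language. The Java class com.example.msn.Notifier, the function name notify_send and the role notifier_role are assumptions made for illustration.

```sql
-- Assumed names (not from the thread): com.example.msn.Notifier.send,
-- notify_send, notifier_role.

-- Run as a superuser: only administrator accounts can create functions
-- in the untrusted language handler.
BEGIN;

CREATE FUNCTION notify_send(varchar) RETURNS varchar
    AS 'com.example.msn.Notifier.send'
    LANGUAGE javaU;

-- A new function is executable by PUBLIC by default. Because javaU code
-- runs without the trusted handler's restrictions, narrow EXECUTE to the
-- roles that actually need it, in the same transaction as the CREATE.
REVOKE EXECUTE ON FUNCTION notify_send(varchar) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION notify_send(varchar) TO notifier_role;

COMMIT;

-- Audit: every function whose language is a procedural language that is
-- not marked trusted (javaU, plpythonu, ...), with owner and ACL.
-- A NULL proacl means default privileges, i.e. PUBLIC may still execute.
SELECT n.nspname                    AS schema,
       p.proname                    AS function,
       l.lanname                    AS language,
       pg_get_userbyid(p.proowner)  AS owner,
       p.prosecdef                  AS security_definer,
       p.proacl                     AS acl
FROM   pg_proc p
JOIN   pg_language  l ON l.oid = p.prolang
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  l.lanispl
  AND  NOT l.lanpltrusted
ORDER  BY n.nspname, p.proname;
```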