Unable to start derby database from Netbeans 7.4

I downloaded Netbeans 7.4 and Java 7 Update 51. I get the below error when I try to start Java DB or derby connection from Netbeans. This is on a windows 8 PC. I downloaded the version for windows xp 32 bit at work. It works fine. I am not sure what is missing.

Thu Jan 16 00:48:23 EST 2014 : Security manager installed using the Basic server security policy.
Thu Jan 16 00:48:24 EST 2014 : access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
at java.security.AccessController.checkPermission(AccessController.java:559)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkListen(SecurityManager.java:1134)
at java.net.ServerSocket.bind(ServerSocket.java:375)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at javax.net.DefaultServerSocketFactory.createServerSocket(ServerSocketFactory.java:231)
at org.apache.derby.impl.drda.NetworkServerControlImpl.createServerSocket(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.access$000(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(Unknown Source)
at org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(Unknown Source)

at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

connection propertiesjava db properties


Solution 1:

This is what I did:

  1. Find out exactly where the java home is by executing this instruction from NetBeans 7.4 :

    System.out.println(System.getProperty("java.home"));

    This is the output for my case:

    C:\Program Files\Java\jdk1.7.0_51\jre

    which is quite important for me, I was modifying another java.policy and took no effect and wasted me a couple of hours.

  2. For reason of java.policy is an unix style file and read-only, I opened and edited it with notepad++ and executed as administrator (under the same java home):

    C:\Program Files\Java\jdk1.7.0_51\jre\lib\security\java.policy

    Add only these lines into the file after the first grant:

    grant {
        permission java.net.SocketPermission "localhost:1527", "listen";
    };
  3. Save the file, which is a little tricky for reason of the permission. But if you run notepad++ or any other edit program as administrator, you can solve the problem.

    Then try to connect the database from NetBeans, it works for me.

Good luck.

Solution 2:

According to Java™ SE Development Kit 7, Update 51 Release Notes

Change in Default Socket Permissions

The default socket permissions assigned to all code including untrusted code have been changed in this release. Previously, all code was able to bind any socket type to any port number greater than or equal to 1024. It is still possible to bind sockets to the ephemeral port range on each system. The exact range of ephemeral ports varies from one operating system to another, but it is typically in the high range (such as from 49152 to 65535). The new restriction is that binding sockets outside of the ephemeral range now requires an explicit permission in the system security policy.

Most applications using client tcp sockets and a security manager will not see any problem, as these typically bind to ephemeral ports anyway. Applications using datagram sockets or server tcp sockets (and a security manager) may encounter security exceptions where none were seen before. If this occurs, users should review whether the port number being requested is expected, and if this is the case, a socket permission grant can be added to the local security policy, to resolve the issue.

This means that you have to explicity set the permissions for your application to be able to access the ports range between 1025 and 49151. You can therefore grant this permission by appending this line in the list of permissions granted:

Visit your Java Home Directory and access your policy file at $JAVA_HOME/jre/lib/security/java.policy and make the following changes.

grant{
     //List of granted permissions
     permission java.net.SocketPermission "localhost:1527", "listen";
}

Solution 3:

See http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html for the description of the "problem". Search other-libs/javadb

Depending on your requirement, what I did was go and modify the default security policy

cd $JAVA_HOME/jre/lib/security

Edit java.policy (make a backup first!)

Add the following

grant codeBase "file:${java.home}}/../db/lib/*" {
        permission java.security.AllPermission;
};

Note that this is my requirement.

I'm granting every app who uses the u51 JRE the permission to start Derby.

EDIT

The alternative would be to use a less permissive set of permissions like:

grant codeBase "file:${java.home}}/../db/lib/*" {
    permission java.net.SocketPermission "localhost:1527", "listen,resolve";
};

NetBeans, by default, uses the derby version installed with GlassFish. So my permissions look like this on the Mac. It will be similar on Windows, but the path will need to change.

grant codeBase "file:/Applications/NetBeans/glassfish-4.0/javadb/lib/*" {
    permission java.net.SocketPermission "localhost:1527", "listen,resolve";
};