java.net.SocketPermission - socket range
ArekOct 31 2008 — edited Nov 3 2008Hi,
We're calling an external Java class (RMI server) from Java Stored Procedure (RMI client). The RMI server listens on 1099 socket and therefore we needed to grant
dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', 'localhost:1099', 'connect,resolve' ) - which is fine.
The problem is however a reverse "connection" established on another socket which seems to be chosen dynamically. We're receiving the following error at runtime:
"java.security.AccessControlException: the Permission (java.net.SocketPermission localhost:56675 connect,resolve) has not been granted to SLAB. The PL/SQL to grant this is dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', '172.16.30.3
0:56675', 'connect,resolve' )
[...]"
which as far as I can tell means that this time 56675 socket has been chosen for the reverse connection. We could grant java.net.SocketPermission on this one too and it would work fine, however it may not work the next time we run the program as a different socket can be chosen.
The idea would be to either:
a) grant SocketPermission to the whole localhost - but we don't want that
b) grant SocketPermission for a single socket or (better - range of sockets) and make sure that the RMI Client and RMI server uses this single socket only (this range of sockets respectively). How can this be done?
Any ideas?
Cheers
Arek