Java and JavaScript in the Database

java.net.SocketPermission - socket range

Arek Oct 31 2008 — edited Nov 3 2008
Hi,

We're calling an external Java class (RMI server) from a Java Stored Procedure (RMI client). The RMI server listens on the 1099 socket and therefore we needed to grant

dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', 'localhost:1099', 'connect,resolve' ) - which is fine.

The problem is however a reverse "connection" established on another socket which seems to be chosen dynamically. We're receiving the following error at runtime:

"java.security.AccessControlException: the Permission (java.net.SocketPermission localhost:56675 connect,resolve) has not been granted to SLAB. The PL/SQL to grant this is dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', '172.16.30.30:56675', 'connect,resolve' )
[...]"

which, as far as I can tell, means that this time the 56675 socket has been chosen for the reverse connection. We could grant java.net.SocketPermission on this one too and it would work fine; however, it may not work the next time we run the program, as a different socket can be chosen.
The idea would be to either:
a) grant SocketPermission to the whole localhost - but we don't want that
b) grant SocketPermission for a single socket (or, better, a range of sockets) and make sure that the RMI client and RMI server use this single socket only (or this range of sockets, respectively). How can this be done?

Any ideas?

Cheers
Arek
This post has been answered by MarceloF.Ochoa on Nov 3 2008

Comments

MarceloF.Ochoa
Hi Arek:
Try this:
exec dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', 'localhost:1024-', 'listen,resolve');
exec dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', 'localhost:1024-', 'accept, resolve');
exec dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', 'localhost:1024-', 'connect, resolve');
exec dbms_java.grant_permission( 'LUCENE', 'SYS:java.net.SocketPermission', 'localhost:1099', 'connect,resolve' );
These grants are working fine with my RMI server.
Best regards, Marcelo.
MarceloF.Ochoa
Oops, replace LUCENE with SLAB in the last grant.
Marcelo.
Arek
Thank you Marcelo,
Yes, it works, but it is more or less the same as allowing the whole localhost.

However - if we wanted to be picky - is there a way to limit the range to 100 ports only?

Setting permissions is the easy part:

dbms_java.grant_permission( 'SLAB', 'SYS:java.net.SocketPermission', '172.16.30.30:1099-1199', 'connect,resolve' );
etc

But how can we configure the RMI server and/or the database (which should it be?) to use only ports in this range?


Cheers
Arek
MarceloF.Ochoa
Answer
Hi Arek:
AFAIK it is not a problem of the RMI implementation.
Typically, in a POSIX socket implementation, when an application is listening on a specific port number, once the connection is accepted it is followed by a clone() call which finds a free port number above 1024 and uses it.
So there is no chance to change this behavior :(
Marcelo.
Marked as Answer by Arek · Sep 27 2020
Arek
I see.
Thanks Marcelo
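
How the port ranges in the grants discussed in this thread are evaluated, as an added example that is not part of the original posts or of Oracle's code. It assumes the dynamically chosen port is the anonymous port on which the external RMI server exported its remote object; the `Ping` interface, `PingImpl` class and port 1100 are hypothetical values constructed for the illustration.

```java
import java.net.SocketPermission;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.server.UnicastRemoteObject;

public class RmiPortRangeDemo {
    // Hypothetical remote interface and implementation, for illustration only.
    public interface Ping extends Remote {
        String ping() throws RemoteException;
    }

    static class PingImpl implements Ping {
        public String ping() { return "pong"; }
    }

    // Constructed value: a fixed export port inside the 1099-1199 range.
    static final int EXPORT_PORT = 1100;

    // True when a grant (target + actions) covers the requested permission.
    static boolean covers(String target, String actions, SocketPermission requested) {
        return new SocketPermission(target, actions).implies(requested);
    }

    public static void main(String[] args) throws Exception {
        String host = "172.16.30.30"; // address taken from the error message
        SocketPermission dynamic =
            new SocketPermission(host + ":56675", "connect,resolve");
        SocketPermission pinned =
            new SocketPermission(host + ":" + EXPORT_PORT, "connect,resolve");

        // "1024-" means port 1024 and above; "1099-1199" is a closed range.
        System.out.println("1024-     covers 56675: "
            + covers(host + ":1024-", "connect,resolve", dynamic));
        System.out.println("1099-1199 covers 56675: "
            + covers(host + ":1099-1199", "connect,resolve", dynamic));
        System.out.println("1099-1199 covers " + EXPORT_PORT + ": "
            + covers(host + ":1099-1199", "connect,resolve", pinned));

        // Server side (external JVM): export on the fixed port instead of
        // port 0, which lets the runtime pick an anonymous port.
        Ping impl = new PingImpl();
        Remote stub = UnicastRemoteObject.exportObject(impl, EXPORT_PORT);
        System.out.println("exported: " + stub); // endpoint shows the port
        UnicastRemoteObject.unexportObject(impl, true);
    }
}
```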

Post Details

Locked on Dec 1 2008
Added on Oct 31 2008
5 comments
9,332 views