AW: dbms_java: grant_permission and revoke_permission only take effect after database restart

From: <ahmed.fikri_at_t-online.de>
Date: Mon, 15 Mar 2021 21:00:32 +0100 (CET)
Message-ID: <1615838432979.1689190.5b7e0d647504f15387210eeee23215769e9eab93_at_spica.telekom.de>

Yes this is true. But the below steps that I did, were just a way to replicate a problem that occurs in a application running on an application server (connection pools ...). I have just restarted the application server.

But what I want to share here is an odd problem that I observed on our DB
(Rac two nodes): After granting the permission and even after trying the
below block I get the "Permission ... has not been granted to MYUSER'

But immediately after doing creating another empty file using touch /my/path/dummyfile the below block works.

I have encountered this seldom behavior in several environments and I have no explanation for that.

Thanks and best regards
Ahmed

-----Original-Nachricht-----
Betreff: RE: dbms_java: grant_permission and revoke_permission only take effect after database restart
Datum: 2021-03-15T20:30:50+0100
Von: "dimensional.dba_at_comcast.net" <dimensional.dba_at_comcast.net> An: "ahmed.fikri_at_t-online.de" <ahmed.fikri_at_t-online.de>, "'list, oracle'" <oracle-l_at_freelists.org>

Normally you just need to log out of your session and log back in.

From: oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> On Behalf Of ahmed.fikri_at_t-online.de
Sent: Monday, March 15, 2021 12:10 PM
To: list, oracle <oracle-l_at_freelists.org> Subject: dbms_java: grant_permission and revoke_permission only take effect after database restart

Hi all,

does dbms_java.grant_permission requires a database restart?

as sys I did following:

BEGIN
dbms_java.revoke_permission( 'MYUSER', 'SYS:java.io.FilePermission', '/tmp/dummy/*', 'read' );
END; SELECT * FROM dba_java_policy WHERE NAME LIKE '/%' AND grantee = 'MYUSER' shows that the permission is granted.

as MYUSER

I run this:

DECLARE
v_name VARCHAR2(333):= '/tmp/dummy/myjar.jar';

BEGIN
dbms_java.loadjava( v_name);
EXCEPTION
WHEN OTHERS THEN
dbms_output.put_line(SQLERRM);

END; I get following error:
ORA-29532: Java call terminated by uncaught Java exception: java.security.AccessControlException: the Permission
(java.io.FilePermission /tmp/dummy/s.jar read) has not been granted to
MYUSER. The PL/SQL to grant this is dbms_java.grant_permission( 'MYUSER', 'SYS:java.io.FilePermission', '/tmp/dummy/myjar.jar', 'read' )

after restarting the database it works.

I wonder that but does really dbms_java.grant_permission requires a database restart?

Best regards
Ahmed

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Mar 15 2021 - 21:00:32 CET

This message: [ Message body ]
Next message: Willy Klotz: "EBR"
Previous message: dimensional.dba_at_comcast.net: "RE: dbms_java: grant_permission and revoke_permission only take effect after database restart"
In reply to: dimensional.dba_at_comcast.net: "RE: dbms_java: grant_permission and revoke_permission only take effect after database restart"
In reply to ahmed.fikri_at_t-online.de: "dbms_java: grant_permission and revoke_permission only take effect after database restart"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message