Watch out! When update TDI 7.1.1 JVM

Share

Today i upgrade one TDI 7.1.1 JVM  to the latest fix from IBM.

The setup was easy, just unzip the file and copy to jvm directory.

When i launch an assembly line using delta.  The log file show the following error:

CTGDKE039E Error occurred when creating IBM Tivoli Directory Integrator Property store. Property store: System-Properties Exception: java.sql.SQLNonTransientConnectionException: java.net.ConnectException : Error connecting to server localhost on port 1527 with message Connection refused: connect.

The derby database was not starting, and in derby.log i found:

2016-07-06 20:44:01.917 GMT : Access denied (java.net.SocketPermission localhost:1527 listen,resolve)
java.security.AccessControlException: Access denied (java.net.SocketPermission localhost:1527 listen,resolve)

I try everything on  http://www-01.ibm.com/support/docview.wss?uid=swg21450475

The problem was related to permission. The text bellow is from https://db.apache.org/derby/releases/release-10.10.2.0.html

After upgrading to a JVM with these changes, while attempting to boot, the network server may fail and raise the following error:

access denied (“java.net.SocketPermission” “localhost:1527” “listen,resolve”) java.security.AccessControlException: access denied (“java.net.SocketPermission” “localhost:1527” “listen,resolve”)

To workaround this problem, you must bring up the network server with a security policy which includes the now required missing permission. Instead of booting the network server as:

java org.apache.derby.drda.NetworkServerControl start

boot the network server as follows:

java -Djava.security.manager -Djava.security.policy=${yourPolicyFile} org.apache.derby.drda.NetworkServerControl start

where ${yourPolicyFile} is a file containing a customized version of the policy file described in the Derby Admin Guide section titled Basic Network Server security policy. You must customize that generic policy file to fit your application. In addition, you must add the following permission to the permissions block granted to the ${derby.install.url}derbynet.jar codebase:

permission java.net.SocketPermission “localhost:${port}”, “listen”;

where ${port} should be replaced by the port number where the network server listens for incoming connection requests. By default, that is port 1527.

Solving the problem

I add  permission java.net.SocketPermission “localhost:1024-“, “listen”; to the grant session of the java.policy file and restart TDI