Controlling access to native methods in the PCA/JVM

The Java language lets you use functionality implemented in non-Java languages through the Java Native Interface (JNI) via native methods. Classes using native methods must explicitly load the native library using either the load(String filename) or loadLibrary(String libname) method, as described in both the java.lang.System and java.lang.Runtime classes. Because these libraries are not stored as controlled objects in the database, some users may consider them less secure.

To prevent unexpected access to native libraries, the PCA/JVM has introduced a system property sybase.allow.native.lib to control the loading of native libraries.

Many Java properties can be set either on the command line or from within the application via the java.lang.System setProperty(String key, String value) method. For sybase.allow.native.lib, however, the SecurityManager forbids setting the property from within the application, to prevent users from overriding system policy. By default, users cannot load native libraries. If an attempt is made to load a native library or alter the existing property setting, a SecurityException is raised and the load attempt fails.

For example, if you try to load the java.net.ServerSocket class without setting the sybase.allow.native.lib property, the initializer fails because it requires the Socket library to be loaded. The actual Java stack trace varies, but either it or the client message displays:

java.lang.SecurityException: Cannot load native libraries from within a user Task!

This indicates that a required native library could not be loaded.

To enable loading of native libraries, set this property in the sybpcidb database prior to starting the JVM:

1> sp_jreconfig "add", "pca_jvm_java_option", "-Dsybase.allow.native.lib=true"
2> go

Once sybase.allow.native.lib is set to true, the additional property is passed to the JVM on the command line at JVM startup. This property cannot be changed while the JVM is running. If you no longer need to load native libraries, use sp_jreconfig to delete or disable pca_jvm_java_option.
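
To confirm which policy a running JVM is enforcing, the following added example (not part of the Sybase documentation) probes both behaviors described above: the run-time property override and the native load triggered by java.net.ServerSocket. The class and method names are hypothetical, and it assumes the SecurityException may arrive wrapped by the failed class initializer, so it searches the cause chain.

```java
import java.io.IOException;
import java.net.ServerSocket;

// Added diagnostic, not Sybase code. Class and method names are hypothetical.
public class NativeLibPolicyCheck {
    static final String PROP = "sybase.allow.native.lib"; // property name from the page

    // A failed class initializer can wrap the original exception: search the cause chain.
    static SecurityException findSecurityException(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof SecurityException) return (SecurityException) c;
        }
        return null;
    }

    // Check 1: a run-time change to the property should be rejected.
    static String checkOverride() {
        String before;
        try {
            before = System.getProperty(PROP);
            System.setProperty(PROP, "true");
        } catch (SecurityException e) {
            return "property access blocked: " + e.getMessage();
        }
        // The change was accepted: restore the old value so the probe alters nothing.
        if (before == null) System.clearProperty(PROP); else System.setProperty(PROP, before);
        return "override ACCEPTED (policy not enforced in this JVM)";
    }

    // Check 2: initializing java.net.ServerSocket needs a native library (per the page).
    static String checkNativeLoad() {
        try (ServerSocket s = new ServerSocket()) { // unbound socket: no port is opened
            return "native load allowed";
        } catch (IOException e) {
            return "socket I/O error: " + e.getMessage();
        } catch (Throwable t) { // initializer failures surface as Errors, not Exceptions
            SecurityException se = findSecurityException(t);
            return se != null ? "native load blocked: " + se.getMessage()
                              : "failed for another reason: " + t;
        }
    }

    public static String check() {
        return checkOverride() + "; " + checkNativeLoad();
    }

    public static void main(String[] args) {
        System.out.println(check());
    }
}
```

On an ordinary JVM with no SecurityManager the report shows the override accepted and the native load allowed; under the default policy described above, both checks should report a block.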