1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//Recommended set of permissions to start & use the network server,
//assuming the '${derby.codebase}${/}-' directory has been secured.
//Fine tune based on your environment settings
grant codeBase "file:${csinfo.codebase}/-" {
permission java.io.FilePermission "${derby.system.home}",
"read, write, delete";
permission java.io.FilePermission "${derby.system.home}${/}-",
"read, write, delete";
permission java.util.PropertyPermission "derby.debug.false", "read, write";
permission java.util.PropertyPermission "derby.debug.true", "read, write";
permission java.util.PropertyPermission "derby.*", "read, write";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
permission java.lang.RuntimePermission "createClassLoader";
// getProectionDomain is an optional permission needed to printing classpath
// information to derby.log
permission java.lang.RuntimePermission "getProtectionDomain";
// These permissions are needed to load the JCE for encryption with JDK131.
// JDK14 has the JCE preloaded
permission java.security.SecurityPermission "createAccessControlContext";
permission java.security.SecurityPermission "insertProvider.SunJCE";
// network server permissions
permission java.net.SocketPermission "127.0.0.1",
"accept";
permission java.net.SocketPermission "localhost",
"accept";
permission java.net.SocketPermission "${csinfo.serverhost}",
"accept";
permission java.net.SocketPermission "${csinfo.trustedhost}",
"accept";
// Just for the debug build. not needed for jars
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
//Required set of permissions to stop the network server, assuming you have
// secured the '${csinfo.codebase}${/}-' directory
//Remember to fine tune this as per your environment.
grant codeBase "file:${csinfo.codebase}/-" {
permission java.net.SocketPermission "localhost", "connect, resolve";
//The following is required if the server is started with the -h option
//(else shutdown access will be denied)
permission java.net.SocketPermission "${csinfo.serverhost}",
"connect, resolve";
};
// These permissions are needed for sysinfo to allow the jars to be looked at
grant codeBase "file:${csinfo.codebase}/-" {
permission java.io.FilePermission "${csinfo.codebase}/derby.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbynet.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyclient.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/db2jcc.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/db2jcc_license_c.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_de_DE.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_es.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_fr.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_it.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ja_JP.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ko_KR.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_pt_BR.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_CN.jar", "read";
permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_TW.jar", "read";
};
// Just for the tests
grant {
// accessDeclaredMembers only needed for debug build
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.util.PropertyPermission "derby.database.mode", "read, write";
// need acces to socket for ldap tests
permission java.net.SocketPermission "yourldaphost.yourdomain.com",
"connect, resolve";
// tests like import/export need file write permission
permission java.io.FilePermission "${user.dir}${/}-", "read, write, delete";
};
|
