// // Licensed to the Apache Software Foundation (ASF) under one or more // contributor license agreements. See the NOTICE file distributed with // this work for additional information regarding copyright ownership. // The ASF licenses this file to You under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance with // the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // //Recommended set of permissions to start & use the network server, //assuming the '${derby.codebase}${/}-' directory has been secured. //Fine tune based on your environment settings grant codeBase "file:${csinfo.codebase}/-" { permission java.io.FilePermission "${derby.system.home}", "read, write, delete"; permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete"; permission java.util.PropertyPermission "derby.debug.false", "read, write"; permission java.util.PropertyPermission "derby.debug.true", "read, write"; permission java.util.PropertyPermission "derby.*", "read, write"; permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write"; permission java.lang.RuntimePermission "createClassLoader"; // These permissions are needed to load the JCE for encryption with JDK131. // JDK14 has the JCE preloaded permission java.security.SecurityPermission "createAccessControlContext"; permission java.security.SecurityPermission "insertProvider.SunJCE"; // network server permissions permission java.net.SocketPermission "127.0.0.1", "accept"; permission java.net.SocketPermission "localhost", "accept"; permission java.net.SocketPermission "${csinfo.serverhost}", "accept"; permission java.net.SocketPermission "${csinfo.trustedhost}", "accept"; // Just for the debug build. not needed for jars permission java.lang.RuntimePermission "accessDeclaredMembers"; }; //Required set of permissions to stop the network server, assuming you have // secured the '${csinfo.codebase}${/}-' directory //Remember to fine tune this as per your environment. grant codeBase "file:${csinfo.codebase}/-" { permission java.net.SocketPermission "localhost", "connect, resolve"; //The following is required if the server is started with the -h option //(else shutdown access will be denied) permission java.net.SocketPermission "${csinfo.serverhost}", "connect, resolve"; }; // These permissions are needed for sysinfo to allow the jars to be looked at grant codeBase "file:${csinfo.codebase}/-" { permission java.io.FilePermission "${csinfo.codebase}/derby.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbynet.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyclient.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/db2jcc.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/db2jcc_license_c.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_de_DE.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_es.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_fr.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_it.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ja_JP.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ko_KR.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_pt_BR.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_CN.jar", "read"; permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_TW.jar", "read"; }; // Just for the tests grant { // accessDeclaredMembers only needed for debug build permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.util.PropertyPermission "derby.database.mode", "read, write"; // need acces to socket for ldap tests permission java.net.SocketPermission "yourldaphost.yourdomain.com", "connect, resolve"; // tests like import/export need file write permission permission java.io.FilePermission "${user.dir}${/}-", "read, write, delete"; };