The Network Server's Basic security policy is documented in
the section . Most likely, you
will want to customize your own security policy. For example, you might want
to restrict the server's liberal file I/O permissions, which let the server
backup/restore and export/import to or from any location in the local file system. Customizing
the security policy is simple:
- A template policy lives in the Derby distribution at demo/templates/server.policy.
Copy the file from this location to your own file, say myCustomized.policy.
All of the following edits take place in your custom file.
- Replace the ${derby.install.url} variable with the location of
the Derby jars in your local file system.
- Replace the ${derby.system.home} variable with the location of
your Derby system directory. Alternatively, rather than replacing this variable,
you can simply set the value of the derby.system.home system property
when you boot the server.
- You must grant java.net.SocketPermission to
derby.jar if you are using LDAP authentication, so
that the Derby code is allowed to contact the LDAP server to perform
the authentication.
- You may want to restrict the socket permission for derbynet.jar,
which by default accepts connections from any host ("*").
Note that the special wildcard address "0.0.0.0" is not
understood by SocketPermission, even though Derby accepts this wildcard as
a valid value for accepting connections on all network interfaces (IPv4).
- Refine the file permissions needed by backup/restore, import/export, and
the loading of application jars.
The following example is a copy of a sample, customized policy file:
grant codeBase "file:/usr/local/share/sw/derby/lib/derby.jar"
{
    //
    // These permissions are needed for everyday, embedded Derby usage.
    //
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "derby.*", "read";
    // The next two properties are used to determine if the VM is 32 or 64 bit.
    permission java.util.PropertyPermission "sun.arch.data.model", "read";
    permission java.util.PropertyPermission "os.arch", "read";
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.io.FilePermission "/usr/local/shoppingCartApp/databases", "read";
    permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-", "read,write,delete";
    permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";
    //
    // This permission lets a DBA reload the policy file while the server
    // is still running. The policy file is reloaded by invoking the
    // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
    //
    permission java.security.SecurityPermission "getPolicy";
    //
    // This permission lets you backup and restore databases
    // to and from a selected branch of the local file system:
    //
    permission java.io.FilePermission "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
    //
    // This permission lets you import data from
    // a selected branch of the local file system:
    //
    permission java.io.FilePermission "/usr/local/shoppingCartApp/imports/-", "read";
    //
    // This permission lets you export data to
    // a selected branch of the local file system:
    //
    permission java.io.FilePermission "/usr/local/shoppingCartApp/exports/-", "write";
    //
    // This permission lets you load your databases with jar files of
    // application code
    //
    permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*", "read";
    // LDAP server on localhost using default LDAP port 389:
    permission java.net.SocketPermission "localhost:389", "connect,resolve";
};
grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
{
    //
    // This permission lets the Network Server manage connections from clients
    // originating from the localhost, on any port.
    //
    permission java.net.SocketPermission "localhost:0-", "accept";
};
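Before starting the server with a customized policy, it is worth confirming that the grants really are narrower than the Basic policy. The following added example (not part of the Derby distribution or its documentation) rebuilds the grants from the sample policy file above as java.security.Permissions collections and asks which requests they imply, using the permission classes' own implies() logic, so it runs without a security manager. The permission targets and actions are those of the sample file; the requested paths (such as databases/shop/seg0/c10.dat and exports/orders.csv), the TEST-NET address 192.0.2.10 and the class name PolicyScopeCheck are constructed for the illustration. It also demonstrates the caveat from the list above: a grant written against "0.0.0.0" does not imply accepting a connection on localhost.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;

// Added illustration, not Derby code: checks the scope of the sample policy grants.
public class PolicyScopeCheck {

    // Grants for derby.jar, copied from the sample policy file.
    static Permissions derbyJarGrants() {
        Permissions p = new Permissions();
        p.add(new FilePermission("/usr/local/shoppingCartApp/databases", "read"));
        p.add(new FilePermission("/usr/local/shoppingCartApp/databases/-", "read,write,delete"));
        p.add(new FilePermission("/usr/local/shoppingCartApp/backups/-", "read,write,delete"));
        p.add(new FilePermission("/usr/local/shoppingCartApp/imports/-", "read"));
        p.add(new FilePermission("/usr/local/shoppingCartApp/exports/-", "write"));
        p.add(new FilePermission("/usr/local/shoppingCartApp/lib/*", "read"));
        p.add(new SocketPermission("localhost:389", "connect,resolve"));
        return p;
    }

    // Grants for derbynet.jar, copied from the sample policy file.
    static Permissions derbynetJarGrants() {
        Permissions p = new Permissions();
        p.add(new SocketPermission("localhost:0-", "accept"));
        return p;
    }

    // A grant written with Derby's "0.0.0.0" wildcard, which SocketPermission
    // treats as one literal IP address rather than "all interfaces".
    static Permissions zeroAddressGrant() {
        Permissions p = new Permissions();
        p.add(new SocketPermission("0.0.0.0:0-", "accept"));
        return p;
    }

    // Prints ALLOW/DENY for a request and whether that matches what the DBA expects.
    static boolean check(Permissions granted, Permission requested, boolean expected) {
        boolean actual = granted.implies(requested);
        System.out.printf("%-5s %-12s %s%n", actual ? "ALLOW" : "DENY",
                actual == expected ? "(expected)" : "(UNEXPECTED)", requested);
        return actual;
    }

    public static void main(String[] args) {
        Permissions derby = derbyJarGrants();
        // "/-" is recursive: segment files anywhere under the databases tree are writable.
        check(derby, new FilePermission("/usr/local/shoppingCartApp/databases/shop/seg0/c10.dat", "write"), true);
        // The export branch is write-only; the same file cannot be read back through this grant.
        check(derby, new FilePermission("/usr/local/shoppingCartApp/exports/orders.csv", "write"), true);
        check(derby, new FilePermission("/usr/local/shoppingCartApp/exports/orders.csv", "read"), false);
        // "/*" covers files directly in lib, but not files in subdirectories of lib.
        check(derby, new FilePermission("/usr/local/shoppingCartApp/lib/app.jar", "read"), true);
        check(derby, new FilePermission("/usr/local/shoppingCartApp/lib/more/app.jar", "read"), false);
        // A backup target outside the granted branch is refused, unlike under the Basic policy.
        check(derby, new FilePermission("/etc/passwd", "read"), false);
        // LDAP: only the configured directory server and port, not an arbitrary host.
        check(derby, new SocketPermission("localhost:389", "connect"), true);
        check(derby, new SocketPermission("192.0.2.10:389", "connect"), false);

        Permissions net = derbynetJarGrants();
        // Any port on localhost may be accepted, but not connections on another address.
        check(net, new SocketPermission("localhost:1527", "accept"), true);
        check(net, new SocketPermission("192.0.2.10:1527", "accept"), false);

        // The caveat from the checklist: "0.0.0.0" in a SocketPermission is not a wildcard,
        // so such a grant would not cover a client arriving on localhost.
        check(zeroAddressGrant(), new SocketPermission("localhost:1527", "accept"), false);
    }
}
```

Compile and run it with javac PolicyScopeCheck.java && java PolicyScopeCheck; each line reports ALLOW or DENY and flags any result that differs from the expectation written next to it. Because it evaluates the permission objects directly, you can rerun it with your own paths and hosts after every edit to the custom policy, then start the server with the file as shown below.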
After customizing the Basic policy, you may bring up the
Network Server as follows:
java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost