| // |
| // Licensed to the Apache Software Foundation (ASF) under one or more |
| // contributor license agreements. See the NOTICE file distributed with |
| // this work for additional information regarding copyright ownership. |
| // The ASF licenses this file to You under the Apache License, Version 2.0 |
| // (the "License"); you may not use this file except in compliance with |
| // the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| //Recommended set of permissions to start & use the network server, |
| //assuming the '${derby.codebase}${/}-' directory has been secured. |
| //Fine tune based on your environment settings |
| grant codeBase "file:${csinfo.codebase}/-" { |
| permission java.io.FilePermission "${derby.system.home}", |
| "read, write, delete"; |
| permission java.io.FilePermission "${derby.system.home}${/}-", |
| "read, write, delete"; |
| |
| permission java.util.PropertyPermission "derby.debug.false", "read, write"; |
| permission java.util.PropertyPermission "derby.debug.true", "read, write"; |
| permission java.util.PropertyPermission "derby.*", "read, write"; |
| permission java.util.PropertyPermission "derby.storage.jvmInstanceId", |
| "write"; |
| |
| permission java.lang.RuntimePermission "createClassLoader"; |
| |
| // getProectionDomain is an optional permission needed to printing classpath |
| // information to derby.log |
| permission java.lang.RuntimePermission "getProtectionDomain"; |
| |
| // These permissions are needed to load the JCE for encryption with JDK131. |
| // JDK14 has the JCE preloaded |
| permission java.security.SecurityPermission "createAccessControlContext"; |
| permission java.security.SecurityPermission "insertProvider.SunJCE"; |
| |
| |
| // network server permissions |
| permission java.net.SocketPermission "127.0.0.1", |
| "accept"; |
| permission java.net.SocketPermission "localhost", |
| "accept"; |
| permission java.net.SocketPermission "${csinfo.serverhost}", |
| "accept"; |
| permission java.net.SocketPermission "${csinfo.trustedhost}", |
| "accept"; |
| |
| // Just for the debug build. not needed for jars |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| |
| }; |
| |
| //Required set of permissions to stop the network server, assuming you have |
| // secured the '${csinfo.codebase}${/}-' directory |
| //Remember to fine tune this as per your environment. |
| grant codeBase "file:${csinfo.codebase}/-" { |
| permission java.net.SocketPermission "localhost", "connect, resolve"; |
| //The following is required if the server is started with the -h option |
| //(else shutdown access will be denied) |
| permission java.net.SocketPermission "${csinfo.serverhost}", |
| "connect, resolve"; |
| }; |
| |
| |
| // These permissions are needed for sysinfo to allow the jars to be looked at |
| grant codeBase "file:${csinfo.codebase}/-" { |
| permission java.io.FilePermission "${csinfo.codebase}/derby.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbynet.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyclient.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/db2jcc.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/db2jcc_license_c.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_de_DE.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_es.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_fr.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_it.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ja_JP.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_ko_KR.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_pt_BR.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_CN.jar", "read"; |
| permission java.io.FilePermission "${csinfo.codebase}/derbyLocale_zh_TW.jar", "read"; |
| |
| |
| }; |
| |
| // Just for the tests |
| grant { |
| // accessDeclaredMembers only needed for debug build |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.util.PropertyPermission "derby.database.mode", "read, write"; |
| |
| // need acces to socket for ldap tests |
| permission java.net.SocketPermission "yourldaphost.yourdomain.com", |
| "connect, resolve"; |
| |
| // tests like import/export need file write permission |
| permission java.io.FilePermission "${user.dir}${/}-", "read, write, delete"; |
| |
| }; |
| |
| |
| |
| |
| |