Basic security policy template

If you start the Network Server without specifying a security manager, the Network Server will install a default Java security manager that enforces a basic policy.

Note that the Network Server attempts to install a security manager only if you boot the server as the entry point of your VM. The Network Server will not attempt to install a security manager if you start the server from your application using the programmatic API described in "Starting the Network Server from a Java application" in the Derby Server and Administration Guide.

The following is a copy of the basic policy:

// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase "${derby.install.url}derby.jar"
{
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";

  // The next two properties are used to determine if the VM is 32 or 64
  // bit.
  //
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";

  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-", 
      "read,write,delete";

  // This permission lets a DBA reload the policy file while the server
  // is still running. The policy file is reloaded by invoking the
  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
  //
  permission java.security.SecurityPermission "getPolicy";

  // This permission lets you backup and restore databases
  // to and from arbitrary locations in your file system.
  //
  // This permission also lets you import/export data to and from
  // arbitrary locations in your file system.
  //
  // NOTE: this permission is commented out. You should NOT grant blanket
  // permission to the entire filesystem! If you choose to use this
  // permission to allow the server to access files outside of the
  // server's home directory, you should name those specific directories
  // in the permisson (that is, do NOT specify ALL FILES).
  //
  // permission java.io.FilePermission "<<ALL FILES>>",
  //     "read,write,delete";

  // Permissions needed for JMX based management and monitoring.
  //
  // Allows this code to create an MBeanServer:
  //
  permission javax.management.MBeanServerPermission "createMBeanServer";
  //
  // Allows access to Derby's built-in MBeans, within the domain
  // org.apache.derby.
  // Derby must be allowed to register and unregister these MBeans.
  // It is possible to allow access only to specific MBeans, attributes 
  // or operations. To fine tune this permission, see the javadoc of 
  // javax.management.MBeanPermission or the JMX Instrumentation and 
  // Agent Specification. 
  //
  permission javax.management.MBeanPermission 
      "org.apache.derby.*#[org.apache.derby:*]",
      "registerMBean,unregisterMBean";
  //
  // Trusts Derby code to be a source of MBeans and to register these in
  // the MBean server.
  //
  permission javax.management.MBeanTrustPermission "register";

  // getProtectionDomain is an optional permission needed for printing
  // classpath information to derby.log
  //
  permission java.lang.RuntimePermission "getProtectionDomain";

  // The following permission must be granted for
  // Connection.abort(Executor) to work. Note that this permission
  // must also be granted to outer (application) code domains.
  //
  permission java.sql.SQLPermission "callAbort";

  // Needed by file permissions restriction system:
  //
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
};

grant codeBase "${derby.install.url}derbynet.jar"
{
  // This permission lets the Network Server manage connections from
  // clients.

  // Accept connections from any host. Derby is listening to the host
  // interface specified via the -h option to "NetworkServerControl
  // start" on the command line, via the address parameter to the
  // org.apache.derby.drda.NetworkServerControl constructor in the API
  // or via the property derby.drda.host; the default is localhost.
  // You may want to restrict allowed hosts, e.g. to hosts in a specific
  // subdomain, e.g. "*.example.com".
  //
  permission java.net.SocketPermission "*", "accept"; 

  // Allow the server to listen to the socket on the default port (1527).
  // If you have specified another port number with the -p option to
  // "NetworkServerControl start" on the command line, or with the
  // portNumber parameter to the NetworkServerControl constructor in the
  // API, or with the property derby.drda.portNumber, you should change
  // the port number in the permission statement accordingly.
  //
  permission java.net.SocketPermission "localhost:1527", "listen";

  // Needed for server tracing.
  //
  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
      "read,write,delete";

  // Needed by file permissions restriction system:
  //
  permission java.lang.RuntimePermission "accessUserInformation";
  permission java.lang.RuntimePermission "getFileStoreAttributes";
  permission java.util.PropertyPermission 
      "derby.__serverStartedFromCmdLine", "read, write";

  // Needed to boot MBeans
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";

  // JMX: Uncomment this permission to allow the ping operation of the 
  //      NetworkServerMBean to connect to the Network Server.
  //
  //permission java.net.SocketPermission "*", "connect,resolve";

  // Needed by sysinfo. A file permission is needed to check the existence of
  // jars on the classpath. Note that this permission is commented out! 
  // You should limit this permission to just the locations which hold
  // your jar files; do NOT grant blanket permission to read the entire
  // filesystem.
  //
  // In this template file, this block of permissions is granted
  // to derbynet.jar under the assumption that derbynet.jar is
  // the first jar file in your classpath which contains the
  // sysinfo classes. If that is not the case, then you will want
  // to grant this block of permissions to the first jar file
  // in your classpath which contains the sysinfo classes.
  // Those classes are bundled into the following Derby
  // jar files:
  //
  //    derbynet.jar
  //    derby.jar
  //    derbyclient.jar
  //    derbytools.jar
  //
  permission java.util.PropertyPermission "user.*", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.class.path", "read";
  permission java.util.PropertyPermission "java.runtime.version", "read";
  permission java.util.PropertyPermission "java.fullversion", "read";
  permission java.lang.RuntimePermission "getProtectionDomain";
  // permission java.io.FilePermission "${derby.install.directory}${/}-",
  //     "read";
};
Parent topic: Configuring Java security
Related concepts
Using a Java security policy file
Running embedded Derby with a security manager
Related tasks
Running the Network Server with a security manager
Running the Network Server without a security manager
Related reference
Sample customized Java security policy file