Basic client security policy template

Customize this policy if you run a client-side application that connects to a Derby server across a network.

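This policy grants essential permissions to the client and shared modules. The grants take effect only when the client JVM runs under a Java security manager, a mechanism deprecated for removal since Java 17 (JEP 411).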

grant codeBase "${derby.install.url}derbyshared.jar"
{
  // Needed to determine whether the JVM was booted with a module path.
  permission java.util.PropertyPermission "jdk.module.path", "read";

  // Needed in order to read message localizations from other Derby jars
  // when running with a module path.
  // NOTE(review): the trailing "-" makes this grant recursive, so it covers
  // every file under ${derby.install.path}, not only the jar files. Keep
  // databases, credential files and other sensitive data out of that tree.
  permission java.io.FilePermission "${derby.install.path}${/}-", "read";

  // Gives permission for JMX to be used against Derby. These two grants
  // are sufficient only if JMX authentication is not being used.
  // If JMX authentication is being used, the application would need to
  // create a whole set of fine-grained permissions to allow specific
  // users access to MBeans and the actions they perform.
  // NOTE(review): presumably these grants can be dropped when the client is
  // never monitored through JMX; confirm against the deployment before
  // removing them.
  permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
  permission org.apache.derby.shared.common.security.SystemPermission "server", "monitor";

};

grant codeBase "${derby.install.url}derbyclient.jar"
{
  // Modify this to be the server host instead of localhost.
  // NOTE(review): with no port in the target, the grant applies to every
  // port on the named host. To confine the client to the Derby listener,
  // append the server's port, e.g. "dbhost.example.com:1527" (constructed
  // example; 1527 is the Network Server's default port).
  permission java.net.SocketPermission "localhost", "connect,resolve";

  // DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to
  // do tracing in that directory. Also, it needs read/write permissions in user.dir in order
  // to create the trace files in that directory.
  // NOTE(review): the trailing "-" extends read/write to the whole tree under
  // the working directory, not just the trace files. Starting the client from
  // a dedicated working directory limits what this grant exposes; if client
  // tracing is never enabled, the FilePermission is presumably not needed.
  // Confirm before removing it.
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.io.FilePermission "${user.dir}${/}-", "read,write";

  // DERBY-1883: Since some classes that are included in both derby.jar and
  // derbyclient.jar read properties, derbyclient.jar needs permission to read
  // derby.* properties to avoid failures when it is listed before derby.jar in
  // the classpath.
  permission java.util.PropertyPermission "derby.*", "read";

  // The following permission must be granted for Connection.abort(Executor) to work.
  // Note that this permission must also be granted to outer (application) code domains.
  permission java.sql.SQLPermission "callAbort";

};


            