You may wish to disable or restrict access to MBeans in security-conscious environments. You can do this using either of the following techniques.
The first technique is to use the stopManagement() method of ManagementMBean. This method unregisters all of the Derby MBeans except ManagementMBean itself, so it does not turn access off completely.
The second technique is to run the Network Server with a custom security policy that does not grant derby.jar the permissions needed to register MBeans. For example, you can modify the Network Server's basic policy (see Basic Network Server security policy) by commenting out this section:
// Allows access to Derby's built-in MBeans, within the domain // org.apache.derby. // Derby must be allowed to register and unregister these MBeans. // It is possible to allow access only to specific MBeans, attributes or // operations. To fine tune this permission, see the javadoc of // javax.management.MBeanPermission or the JMX Instrumentation and Agent // Specification. // permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";
If the permission to register MBeans is not granted to derby.jar, Derby will silently skip starting the management service at boot time.