Network Configuration

Copy and modify the example server.policy found at demo/templates/server.policy.

grant codeBase "file:/usr/local/share/sw/derby/lib/derby.jar"
{
//
// These permissions are needed for everyday, embedded Derby usage.
//
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases","read";
  permission java.io.FilePermission "/usr/local/shoppingCartApp/databases/-", 
      "read,write,delete";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
      "write"; 

//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
//
  permission java.security.SecurityPermission "getPolicy";

//
// This permission lets you back up and restore databases
// to and from a selected branch of the local file system:
//
  permission java.io.FilePermission "/usr/local/shoppingCartApp/backups/-", "read,write,delete";
//
// This permission lets you import data from
// a selected branch of the local file system:
//
  permission java.io.FilePermission "/usr/local/shoppingCartApp/imports/-", "read";
//
// This permission lets you export data to
// a selected branch of the local file system:
//
  permission java.io.FilePermission "/usr/local/shoppingCartApp/exports/-", "write";
//
// This permission lets you load your databases with jar files of
// application code
//
  permission java.io.FilePermission "/usr/local/shoppingCartApp/lib/*", "read";
};

grant codeBase "file:/usr/local/share/sw/derby/lib/derbynet.jar"
{
//
// This permission lets the Network Server manage connections from clients
// originating from the localhost, on any port.
//
  permission java.net.SocketPermission "localhost:0-", "accept"; 
};

After customizing the Basic policy, you may bring up the Network Server as follows:

java -Djava.security.manager -Djava.security.policy=/usr/local/shoppingCartApp/lib/myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost

To boot with the Network Policy, modify the demo server policy. The following changes must be made first:

  • Replace the ${derby.install.url} variable with the location of the Derby jars in your local file system.
  • Replace the ${derby.system.home} variable with the location of your Derby system directory. Alternatively, rather than replacing this variable, you can simply set the value of the derby.system.home system property when you boot the server.
  • You may want to restrict the socket permission for derbynet.jar, which by default accepts connections from any host (“*”). Note that the special wildcard address “0.0.0.0” is not understood by SocketPermission, even though Derby accepts this wildcard as a valid value for accepting connections on all network interfaces (IPv4).

java -Djava.security.manager -Djava.security.policy=myCustomized.policy org.apache.derby.drda.NetworkServerControl start -h localhost
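
The three changes above, scripted as an added example (not part of the original notes or the Derby distribution): customize_policy fills in ${derby.install.url} and narrows the socket host, and check_policy flags a policy that still has the unreplaced variable, the "*" host or 0.0.0.0. The function names and the inline template, a constructed stand-in for demo/templates/server.policy, are assumptions.

```shell
#!/bin/sh
# Added example; function names and the sample template are assumptions, not Derby tooling.
# customize_policy TEMPLATE INSTALL_URL SOCKET_HOST
# Prints TEMPLATE with ${derby.install.url} replaced and the "*" socket host narrowed.
# ${derby.system.home} is left alone; set -Dderby.system.home when booting the server.
# Assumes the arguments contain no '|', '&' or backslash (sed metacharacters).
customize_policy() {
    sed -e 's|[$]{derby\.install\.url}|'"$2"'|g' \
        -e '/java\.net\.SocketPermission/s|"\*"|"'"$3"'"|' "$1"
}

# check_policy FILE
# Prints one finding per line and returns non-zero if the policy still needs work.
check_policy() {
    rules=$(grep -v '^[[:space:]]*//' "$1")   # ignore // comment lines
    rc=0
    if printf '%s\n' "$rules" | grep -qF '${derby.install.url}'; then
        echo 'unreplaced ${derby.install.url}'; rc=1
    fi
    if printf '%s\n' "$rules" | grep -qE 'SocketPermission[[:space:]]+"\*[":]'; then
        echo 'SocketPermission accepts connections from any host ("*")'; rc=1
    fi
    if printf '%s\n' "$rules" | grep -qE 'SocketPermission[[:space:]]+"0\.0\.0\.0[":]'; then
        echo 'SocketPermission does not understand 0.0.0.0 as a wildcard'; rc=1
    fi
    return $rc
}

# Constructed stand-in for demo/templates/server.policy (not the real file).
sample_template() {
    cat <<'EOF'
grant codeBase "${derby.install.url}derby.jar"
{
  permission java.io.FilePermission "${derby.system.home}/-", "read,write,delete";
};
grant codeBase "${derby.install.url}derbynet.jar"
{
  // default: SocketPermission "*" accepts any host
  permission java.net.SocketPermission "*", "accept";
};
EOF
}

work=$(mktemp -d)
sample_template > "$work/server.policy"
customize_policy "$work/server.policy" "file:/usr/local/share/sw/derby/lib/" \
    "localhost:0-" > "$work/myCustomized.policy"
check_policy "$work/server.policy" || true
check_policy "$work/myCustomized.policy" && echo "myCustomized.policy: ok"
```
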
 
derby_notes.txt · Last modified: 2013/09/24 10:28 by root
 