{"id":104218,"date":"2020-04-28T16:00:35","date_gmt":"2020-04-28T13:00:35","guid":{"rendered":"https:\/\/www.javacodegeeks.com\/?p=104218"},"modified":"2020-04-27T15:47:08","modified_gmt":"2020-04-27T12:47:08","slug":"apache-derby-database-jvm-security-policy","status":"publish","type":"post","link":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html","title":{"rendered":"Apache Derby Database JVM Security Policy"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Abstract<\/h2>\n<p>I have already posted a number of blogs about Derby:<\/p>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.javacodegeeks.com\/2018\/11\/derby-database-backup.html\">Derby Database Backup<\/a><\/li>\n<li><a title=\"Multiple Derby Network Servers on the same Host\" href=\"https:\/\/mjremijan.blogspot.com\/2018\/08\/multiple-derby-network-servers-on-same.html\">Multiple Derby Network Servers on the same Host<\/a><\/li>\n<li><a href=\"https:\/\/www.javacodegeeks.com\/2018\/05\/apache-derby-database-users-and-permissions.html\">Apache Derby Database Users and Permissions<\/a><\/li>\n<li><a title=\"Integration Testing with Maven and an In-Memory Derby Database\" href=\"https:\/\/mjremijan.blogspot.com\/2014\/03\/integration-testing-with-maven-and-in.html\">Integration Testing with Maven and an In-Memory Derby Database<\/a><\/li>\n<\/ul>\n<p>This wasn&#8217;t intended to be a series. But over the years I&#8217;ve been using Derby more and more. I started using Derby as my database of choice for my Microservice architecture. These are personal-use applications, so Derby is more than sufficient. Even though these are personal-use applications, I require <a title=\"Multiple Derby Network Servers on the same Host\" href=\"https:\/\/mjremijan.blogspot.com\/2018\/08\/multiple-derby-network-servers-on-same.html\">multiple servers<\/a> with <a href=\"https:\/\/www.javacodegeeks.com\/2018\/05\/apache-derby-database-users-and-permissions.html\">limited user permissions<\/a>, and of course <a title=\"Derby Database Backup\" href=\"http:\/\/mjremijan.blogspot.com\/2018\/11\/derby-database-backup.html\">database backup and restoration<\/a>. The final requirement is security. I run my Derby databases on an Ubuntu Linux VM with the <code>derby<\/code> usr account. Although the <code>derby<\/code> usr account has limited permissions on the VM, any extra layer of security is good. So the purpose of this blog is to demonstrate how to run Derby with a <strong>Java security policy<\/strong> to limit the JVM&#8217;s permissions and enhance runtime security.<\/p>\n<h2 class=\"wp-block-heading\">Disclaimer<\/h2>\n<p>This post is solely informative. Critically think before using any information presented. Learn from it but ultimately make your own decisions at your own risk.<\/p>\n<h2 class=\"wp-block-heading\">Requirements<\/h2>\n<p>I did all of the work for this post using the following major technologies. You may be able to do the same thing with different technologies or versions, but no guarantees.<\/p>\n<ul class=\"wp-block-list\">\n<li>Apache Derby 10.14.2.0<\/li>\n<li>Java zulu11.39.15-ca-jdk11.0.7-linux_x64<\/li>\n<\/ul>\n<p>I am not going to go through the process of downloading and installing these technologies. I&#8217;ll leave that as an exercise for you.<\/p>\n<p><strong>NOTE<\/strong> Starting with version 10.15, the Derby project has been updated to use the Java 9 module system. As a result, the JAR files have changed quite a bit. It&#8217;s unlikely the security.policy below will work with version 10.15+. As of this blog&#8217;s publication date, I&#8217;ve yet to try it.<\/p>\n<h2 class=\"wp-block-heading\">Linux bash scripts<\/h2>\n<p>In order to manage Derby to run with a Java security policy, you need 3 scripts. The 1st script will setup the setup environment variables to configure Derby. The 2nd script will start the Derby network server, passing the correct command line parameters. The 3rd will stop the Derby network server.<\/p>\n<p>Listing 1.1 shows you the first of these scripts. It exports a number of system environment variables with configuration values specific to run Derby in your environment.<\/p>\n<h2 class=\"wp-block-heading\">Listing 1.1 &#8211; setenv.sh<\/h2>\n<div>\n<div id=\"highlighter_409184\" class=\"syntaxhighlighter  java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">01<\/div>\n<div class=\"line number2 index1 alt1\">02<\/div>\n<div class=\"line number3 index2 alt2\">03<\/div>\n<div class=\"line number4 index3 alt1\">04<\/div>\n<div class=\"line number5 index4 alt2\">05<\/div>\n<div class=\"line number6 index5 alt1\">06<\/div>\n<div class=\"line number7 index6 alt2\">07<\/div>\n<div class=\"line number8 index7 alt1\">08<\/div>\n<div class=\"line number9 index8 alt2\">09<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<div class=\"line number18 index17 alt1\">18<\/div>\n<div class=\"line number19 index18 alt2\">19<\/div>\n<div class=\"line number20 index19 alt1\">20<\/div>\n<div class=\"line number21 index20 alt2\">21<\/div>\n<div class=\"line number22 index21 alt1\">22<\/div>\n<div class=\"line number23 index22 alt2\">23<\/div>\n<div class=\"line number24 index23 alt1\">24<\/div>\n<div class=\"line number25 index24 alt2\">25<\/div>\n<div class=\"line number26 index25 alt1\">26<\/div>\n<div class=\"line number27 index26 alt2\">27<\/div>\n<div class=\"line number28 index27 alt1\">28<\/div>\n<div class=\"line number29 index28 alt2\">29<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">#!\/bin\/bash<\/code><\/div>\n<div class=\"line number2 index1 alt1\">&nbsp;<\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"java plain\">export DERBY_HOME=\/home\/derby\/opt\/derby<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java plain\">export PATH=<\/code><code class=\"java string\">\"$DERBY_HOME\/bin:$PATH\"<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"java plain\">echo <\/code><code class=\"java string\">\"DERBY_HOME=$DERBY_HOME\"<\/code><\/div>\n<div class=\"line number6 index5 alt1\">&nbsp;<\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java plain\">export JAVA_HOME=\/home\/derby\/opt\/java<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"java plain\">echo <\/code><code class=\"java string\">\"JAVA_HOME=$JAVA_HOME\"<\/code><\/div>\n<div class=\"line number9 index8 alt2\">&nbsp;<\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"java plain\">export NS_HOME=\/var\/local\/derby\/<\/code><code class=\"java value\">1527<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"java plain\">mkdir -p $NS_HOME<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"java plain\">echo <\/code><code class=\"java string\">\"NS_HOME=$NS_HOME\"<\/code><\/div>\n<div class=\"line number13 index12 alt2\">&nbsp;<\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"java plain\">export NS_PORT=<\/code><code class=\"java value\">1527<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"java plain\">echo <\/code><code class=\"java string\">\"NS_PORT=$NS_PORT\"<\/code><\/div>\n<div class=\"line number16 index15 alt1\">&nbsp;<\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"java plain\">export NS_HOST=<\/code><code class=\"java value\">0.0<\/code><code class=\"java plain\">.<\/code><code class=\"java value\">0.0<\/code><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"java plain\">echo <\/code><code class=\"java string\">\"NS_HOST=$NS_HOST\"<\/code><\/div>\n<div class=\"line number19 index18 alt2\">&nbsp;<\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"\"<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.drda.host=$NS_HOST\"<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.drda.portNumber=$NS_PORT\"<\/code><\/div>\n<div class=\"line number23 index22 alt2\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.system.home=$NS_HOME\"<\/code><\/div>\n<div class=\"line number24 index23 alt1\"><code class=\"java plain\"># Security Policy<\/code><\/div>\n<div class=\"line number25 index24 alt2\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.stream.error.logSeverityLevel=0\"<\/code><\/div>\n<div class=\"line number26 index25 alt1\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.security.port=$NS_PORT\"<\/code><\/div>\n<div class=\"line number27 index26 alt2\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Dderby.install.url=file:$DERBY_HOME\/lib\/\"<\/code><\/div>\n<div class=\"line number28 index27 alt1\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Djava.security.manager\"<\/code><\/div>\n<div class=\"line number29 index28 alt2\"><code class=\"java plain\">export DERBY_OPTS=<\/code><code class=\"java string\">\"$DERBY_OPTS -Djava.security.policy=$NS_HOME\/security.policy\"<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><strong>DERBY_HOME<\/strong> is self explanatory. It&#8217;s where Derby is unzipped (installed). Add Derby&#8217;s <code>bin<\/code> directory to the <code>PATH<\/code>.<\/p>\n<p><strong>JAVA_HOME<\/strong> is self explanatory. It&#8217;s where Java is unzipped (installed). Add Java&#8217;s <code>bin<\/code> directory to the <code>PATH<\/code>.<\/p>\n<p><strong>NS_HOME<\/strong> is &#8220;<strong>N<\/strong>etwork <strong>S<\/strong>erver Home&#8221;. This is the directory the Derby network server will use to store its configuration and databases. Whenever a new database is created on this Derby network server, a new sub-directory will be created under <code>NS_HOME<\/code> for the new database. This allows multiple Derby network servers running on the same host to keep their data separate.<\/p>\n<p><strong>NS_PORT<\/strong> is &#8220;<strong>N<\/strong>etwork <strong>S<\/strong>erver Port&#8221;. It&#8217;s the port the Derby network server uses to listen for connections. This allows multiple Derby network servers to run on the same host.<\/p>\n<p><strong>NS_HOST<\/strong> is &#8220;<strong>N<\/strong>etwork <strong>S<\/strong>erver Host&#8221;. It sets the network interface used by the Derby network server when listening for connections. By default, the Derby network server only listens for connections on the loopback address of <code>127.0.0.1<\/code>. This default means clients must run on the same host as the network server &#8211; not very useful. By setting the host to <code>0.0.0.0<\/code>, the Derby network server will listen for connections on any network interface on the host. If your VM has multiple network interfaces, <code>NS_HOST<\/code> should be set to the IP of one of those interfaces. Setting this value allows clients to be remote.<\/p>\n<p><strong>DERBY_OPTS<\/strong> is the system property used to get all of the configuration options to Derby. Its value is created by concatenating together the appropriate Derby system properties with their associated values. The first 3 properties are needed to start Derby with or without a security policy.<\/p>\n<ol class=\"wp-block-list\">\n<li>derby.drda.host<\/li>\n<li>derby.drda.portNumber<\/li>\n<li>derby.system.home<\/li>\n<\/ol>\n<p>The final 5 properties are needed for configuring Derby to run with a security policy.<\/p>\n<ol class=\"wp-block-list\">\n<li>derby.stream.error.logSeverityLevel<\/li>\n<li>derby.security.port<\/li>\n<li>derby.install.url<\/li>\n<li>java.security.manager<\/li>\n<li>java.security.policy<\/li>\n<\/ol>\n<p>One of the most important properties is <code>java.security.policy=$NS_HOME\/security.policy\"<\/code>. The value of this property points to a <code>security.policy<\/code> file which will configure the Java <a title=\"Java SecurityManager class\" href=\"https:\/\/docs.oracle.com\/javase\/7\/docs\/api\/java\/lang\/SecurityManager.html\"><code>SecurityManager<\/code><\/a>. You will read about creating the <code>security.policy<\/code> file in just a little bit. Next, you will look at the script for starting the server.<\/p>\n<p>Listing 1.2 shows you the second of these scripts. It starts the Derby networks server, passing the correct command line parameters so Derby runs with a security policy.<\/p>\n<h2 class=\"wp-block-heading\">Listing 1.2 &#8211; start.sh<\/h2>\n<div>\n<div id=\"highlighter_133033\" class=\"syntaxhighlighter  java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">01<\/div>\n<div class=\"line number2 index1 alt1\">02<\/div>\n<div class=\"line number3 index2 alt2\">03<\/div>\n<div class=\"line number4 index3 alt1\">04<\/div>\n<div class=\"line number5 index4 alt2\">05<\/div>\n<div class=\"line number6 index5 alt1\">06<\/div>\n<div class=\"line number7 index6 alt2\">07<\/div>\n<div class=\"line number8 index7 alt1\">08<\/div>\n<div class=\"line number9 index8 alt2\">09<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">#!\/bin\/bash<\/code><\/div>\n<div class=\"line number2 index1 alt1\">&nbsp;<\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"java plain\"># Directory of the script<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java plain\">SD=$( cd <\/code><code class=\"java string\">\"$( dirname \"<\/code><code class=\"java plain\">${BASH_SOURCE[<\/code><code class=\"java value\">0<\/code><code class=\"java plain\">]}<\/code><code class=\"java string\">\" )\"<\/code> <code class=\"java plain\">&amp;&amp; pwd )<\/code><\/div>\n<div class=\"line number5 index4 alt2\">&nbsp;<\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"java plain\"># Source in common variables<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java plain\">source $SD\/setenv.sh<\/code><\/div>\n<div class=\"line number8 index7 alt1\">&nbsp;<\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"java plain\"># Symlink the network server configurations<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"java plain\">ln -sf $SD\/..\/conf\/security.policy $NS_HOME\/security.policy<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"java plain\">ln -sf $SD\/..\/conf\/derby.properties $NS_HOME\/derby.properties<\/code><\/div>\n<div class=\"line number12 index11 alt1\">&nbsp;<\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"java plain\">startNetworkServer<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><strong>SD<\/strong> is <strong>S<\/strong>cript <strong>D<\/strong>irectory. The evaluation determines the fully-qualified file system location of the <code>start.sh<\/code> script and assigns it to <code>SD<\/code>. This is useful when referencing other scripts.<\/p>\n<p><strong>source<\/strong> is self explanatory. It sources in the system environment variables to configure the Derby network server. See listing 1.1 for details.<\/p>\n<p><strong>Symlink<\/strong> configuration is for the <code>security.policy<\/code> file and the <code>derby.properties<\/code> file. The purpose of the symlinks is to get these 2 files into the <code>$NS_HOME<\/code> directory. Derby looks for the <code>derby.properties<\/code> file in the <code>$NS_HOME<\/code> directory, so it needs to be there. For consistency (not a necessity), you want to put the <code>security.policy<\/code> file there as well. In listing 1.1 the <code>java.security.policy=$NS_HOME\/security.policy\"<\/code> property configures this location. For my environment, I have separated the <code>$NS_HOME<\/code> directory from the directory where I keep the management scripts and other Derby configuration files. The reason I do this is because of disaster recovery. I consider the <code>$NS_HOME<\/code> directory to be volitile, meaning if for some reason it goes missing (deleted, disk drive error, corrupted, new VM built, etc) I must be able to restore the database data, management scripts (<code>setenv.sh<\/code>, <code>start.sh<\/code>, <code>stop.sh<\/code>) and configuration files (<code>security.policy<\/code>, <code>derby.properties<\/code>) from my cloud backups. The <strong>real<\/strong> configuration files are kept outside of the <code>$NS_HOME<\/code> directory and <code>start.sh<\/code> symlinks them in the proper location.<\/p>\n<p><strong>startNetworkServer<\/strong> is a script provided by Derby (<code>$DERBY_HOME\/bin<\/code>) to start the network server. The <code>DERBY_OPTS<\/code> variable &#8211; set in <code>setenv.sh<\/code> &#8211; is used to configure the network server. By default, Derby runs with a limited security policy. However, since you configured the security policy, Derby will use your configuration instead of the default.<\/p>\n<p>You now have the Derby server environment configuration and start script. What you don&#8217;t have yet is the ability to stop the Derby network server. Stopping the server is easy. You will look at the script for stopping the server next.<\/p>\n<p><strong>NOTE<\/strong> The <code>security.policy<\/code> file is also needed still. You will read about it in just a few moments, I promise!<\/p>\n<p>Listing 1.3 shows you the third of these scripts. It stops the Derby networks server. Not too exciting, but it&#8217;s important to have a managed shutdown of the server to prevent data corruption.<\/p>\n<h2 class=\"wp-block-heading\">Listing 1.3 &#8211; stop.sh<\/h2>\n<div>\n<div id=\"highlighter_914039\" class=\"syntaxhighlighter  java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"java plain\">#!\/bin\/bash<\/code><\/div>\n<div class=\"line number2 index1 alt1\">&nbsp;<\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"java plain\"># Directory of the script<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java plain\">SD=$( cd <\/code><code class=\"java string\">\"$( dirname \"<\/code><code class=\"java plain\">${BASH_SOURCE[<\/code><code class=\"java value\">0<\/code><code class=\"java plain\">]}<\/code><code class=\"java string\">\" )\"<\/code> <code class=\"java plain\">&amp;&amp; pwd )<\/code><\/div>\n<div class=\"line number5 index4 alt2\">&nbsp;<\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"java plain\"># Source in common variables<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java plain\">source $SD\/setenv.sh<\/code><\/div>\n<div class=\"line number8 index7 alt1\">&nbsp;<\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"java plain\">stopNetworkServer<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>All of this is self explanatory. No further comments are needed for this script.<\/p>\n<h2 class=\"wp-block-heading\">The security.policy file<\/h2>\n<p>Derby comes with a demo security policy file. It is located in <code>DERBY_HOME\/demo\/templates\/security.policy<\/code>. Using this file as the starting point, I was able to produce a final version that met my requirements for:<\/p>\n<ul class=\"wp-block-list\">\n<li>Network (remote) access<\/li>\n<li>Localhost access<\/li>\n<li>Startup<\/li>\n<li>Shutdown<\/li>\n<li>Backup<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Listing 2.1 &#8211; security.policy<\/h2>\n<div>\n<div id=\"highlighter_302449\" class=\"syntaxhighlighter  java\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">001<\/div>\n<div class=\"line number2 index1 alt1\">002<\/div>\n<div class=\"line number3 index2 alt2\">003<\/div>\n<div class=\"line number4 index3 alt1\">004<\/div>\n<div class=\"line number5 index4 alt2\">005<\/div>\n<div class=\"line number6 index5 alt1\">006<\/div>\n<div class=\"line number7 index6 alt2\">007<\/div>\n<div class=\"line number8 index7 alt1\">008<\/div>\n<div class=\"line number9 index8 alt2\">009<\/div>\n<div class=\"line number10 index9 alt1\">010<\/div>\n<div class=\"line number11 index10 alt2\">011<\/div>\n<div class=\"line number12 index11 alt1\">012<\/div>\n<div class=\"line number13 index12 alt2\">013<\/div>\n<div class=\"line number14 index13 alt1\">014<\/div>\n<div class=\"line number15 index14 alt2\">015<\/div>\n<div class=\"line number16 index15 alt1\">016<\/div>\n<div class=\"line number17 index16 alt2\">017<\/div>\n<div class=\"line number18 index17 alt1\">018<\/div>\n<div class=\"line number19 index18 alt2\">019<\/div>\n<div class=\"line number20 index19 alt1\">020<\/div>\n<div class=\"line number21 index20 alt2\">021<\/div>\n<div class=\"line number22 index21 alt1\">022<\/div>\n<div class=\"line number23 index22 alt2\">023<\/div>\n<div class=\"line number24 index23 alt1\">024<\/div>\n<div class=\"line number25 index24 alt2\">025<\/div>\n<div class=\"line number26 index25 alt1\">026<\/div>\n<div class=\"line number27 index26 alt2\">027<\/div>\n<div class=\"line number28 index27 alt1\">028<\/div>\n<div class=\"line number29 index28 alt2\">029<\/div>\n<div class=\"line number30 index29 alt1\">030<\/div>\n<div class=\"line number31 index30 alt2\">031<\/div>\n<div class=\"line number32 index31 alt1\">032<\/div>\n<div class=\"line number33 index32 alt2\">033<\/div>\n<div class=\"line number34 index33 alt1\">034<\/div>\n<div class=\"line number35 index34 alt2\">035<\/div>\n<div class=\"line number36 index35 alt1\">036<\/div>\n<div class=\"line number37 index36 alt2\">037<\/div>\n<div class=\"line number38 index37 alt1\">038<\/div>\n<div class=\"line number39 index38 alt2\">039<\/div>\n<div class=\"line number40 index39 alt1\">040<\/div>\n<div class=\"line number41 index40 alt2\">041<\/div>\n<div class=\"line number42 index41 alt1\">042<\/div>\n<div class=\"line number43 index42 alt2\">043<\/div>\n<div class=\"line number44 index43 alt1\">044<\/div>\n<div class=\"line number45 index44 alt2\">045<\/div>\n<div class=\"line number46 index45 alt1\">046<\/div>\n<div class=\"line number47 index46 alt2\">047<\/div>\n<div class=\"line number48 index47 alt1\">048<\/div>\n<div class=\"line number49 index48 alt2\">049<\/div>\n<div class=\"line number50 index49 alt1\">050<\/div>\n<div class=\"line number51 index50 alt2\">051<\/div>\n<div class=\"line number52 index51 alt1\">052<\/div>\n<div class=\"line number53 index52 alt2\">053<\/div>\n<div class=\"line number54 index53 alt1\">054<\/div>\n<div class=\"line number55 index54 alt2\">055<\/div>\n<div class=\"line number56 index55 alt1\">056<\/div>\n<div class=\"line number57 index56 alt2\">057<\/div>\n<div class=\"line number58 index57 alt1\">058<\/div>\n<div class=\"line number59 index58 alt2\">059<\/div>\n<div class=\"line number60 index59 alt1\">060<\/div>\n<div class=\"line number61 index60 alt2\">061<\/div>\n<div class=\"line number62 index61 alt1\">062<\/div>\n<div class=\"line number63 index62 alt2\">063<\/div>\n<div class=\"line number64 index63 alt1\">064<\/div>\n<div class=\"line number65 index64 alt2\">065<\/div>\n<div class=\"line number66 index65 alt1\">066<\/div>\n<div class=\"line number67 index66 alt2\">067<\/div>\n<div class=\"line number68 index67 alt1\">068<\/div>\n<div class=\"line number69 index68 alt2\">069<\/div>\n<div class=\"line number70 index69 alt1\">070<\/div>\n<div class=\"line number71 index70 alt2\">071<\/div>\n<div class=\"line number72 index71 alt1\">072<\/div>\n<div class=\"line number73 index72 alt2\">073<\/div>\n<div class=\"line number74 index73 alt1\">074<\/div>\n<div class=\"line number75 index74 alt2\">075<\/div>\n<div class=\"line number76 index75 alt1\">076<\/div>\n<div class=\"line number77 index76 alt2\">077<\/div>\n<div class=\"line number78 index77 alt1\">078<\/div>\n<div class=\"line number79 index78 alt2\">079<\/div>\n<div class=\"line number80 index79 alt1\">080<\/div>\n<div class=\"line number81 index80 alt2\">081<\/div>\n<div class=\"line number82 index81 alt1\">082<\/div>\n<div class=\"line number83 index82 alt2\">083<\/div>\n<div class=\"line number84 index83 alt1\">084<\/div>\n<div class=\"line number85 index84 alt2\">085<\/div>\n<div class=\"line number86 index85 alt1\">086<\/div>\n<div class=\"line number87 index86 alt2\">087<\/div>\n<div class=\"line number88 index87 alt1\">088<\/div>\n<div class=\"line number89 index88 alt2\">089<\/div>\n<div class=\"line number90 index89 alt1\">090<\/div>\n<div class=\"line number91 index90 alt2\">091<\/div>\n<div class=\"line number92 index91 alt1\">092<\/div>\n<div class=\"line number93 index92 alt2\">093<\/div>\n<div class=\"line number94 index93 alt1\">094<\/div>\n<div class=\"line number95 index94 alt2\">095<\/div>\n<div class=\"line number96 index95 alt1\">096<\/div>\n<div class=\"line number97 index96 alt2\">097<\/div>\n<div class=\"line number98 index97 alt1\">098<\/div>\n<div class=\"line number99 index98 alt2\">099<\/div>\n<div class=\"line number100 index99 alt1\">100<\/div>\n<div class=\"line number101 index100 alt2\">101<\/div>\n<div class=\"line number102 index101 alt1\">102<\/div>\n<div class=\"line number103 index102 alt2\">103<\/div>\n<div class=\"line number104 index103 alt1\">104<\/div>\n<div class=\"line number105 index104 alt2\">105<\/div>\n<div class=\"line number106 index105 alt1\">106<\/div>\n<div class=\"line number107 index106 alt2\">107<\/div>\n<div class=\"line number108 index107 alt1\">108<\/div>\n<div class=\"line number109 index108 alt2\">109<\/div>\n<div class=\"line number110 index109 alt1\">110<\/div>\n<div class=\"line number111 index110 alt2\">111<\/div>\n<div class=\"line number112 index111 alt1\">112<\/div>\n<div class=\"line number113 index112 alt2\">113<\/div>\n<div class=\"line number114 index113 alt1\">114<\/div>\n<div class=\"line number115 index114 alt2\">115<\/div>\n<div class=\"line number116 index115 alt1\">116<\/div>\n<div class=\"line number117 index116 alt2\">117<\/div>\n<div class=\"line number118 index117 alt1\">118<\/div>\n<div class=\"line number119 index118 alt2\">119<\/div>\n<div class=\"line number120 index119 alt1\">120<\/div>\n<div class=\"line number121 index120 alt2\">121<\/div>\n<div class=\"line number122 index121 alt1\">122<\/div>\n<div class=\"line number123 index122 alt2\">123<\/div>\n<div class=\"line number124 index123 alt1\">124<\/div>\n<div class=\"line number125 index124 alt2\">125<\/div>\n<div class=\"line number126 index125 alt1\">126<\/div>\n<div class=\"line number127 index126 alt2\">127<\/div>\n<div class=\"line number128 index127 alt1\">128<\/div>\n<div class=\"line number129 index128 alt2\">129<\/div>\n<div class=\"line number130 index129 alt1\">130<\/div>\n<div class=\"line number131 index130 alt2\">131<\/div>\n<div class=\"line number132 index131 alt1\">132<\/div>\n<div class=\"line number133 index132 alt2\">133<\/div>\n<div class=\"line number134 index133 alt1\">134<\/div>\n<div class=\"line number135 index134 alt2\">135<\/div>\n<div class=\"line number136 index135 alt1\">136<\/div>\n<div class=\"line number137 index136 alt2\">137<\/div>\n<div class=\"line number138 index137 alt1\">138<\/div>\n<div class=\"line number139 index138 alt2\">139<\/div>\n<div class=\"line number140 index139 alt1\">140<\/div>\n<div class=\"line number141 index140 alt2\">141<\/div>\n<div class=\"line number142 index141 alt1\">142<\/div>\n<div class=\"line number143 index142 alt2\">143<\/div>\n<div class=\"line number144 index143 alt1\">144<\/div>\n<div class=\"line number145 index144 alt2\">145<\/div>\n<div class=\"line number146 index145 alt1\">146<\/div>\n<div class=\"line number147 index146 alt2\">147<\/div>\n<div class=\"line number148 index147 alt1\">148<\/div>\n<div class=\"line number149 index148 alt2\">149<\/div>\n<div class=\"line number150 index149 alt1\">150<\/div>\n<div class=\"line number151 index150 alt2\">151<\/div>\n<div class=\"line number152 index151 alt1\">152<\/div>\n<div class=\"line number153 index152 alt2\">153<\/div>\n<div class=\"line number154 index153 alt1\">154<\/div>\n<div class=\"line number155 index154 alt2\">155<\/div>\n<div class=\"line number156 index155 alt1\">156<\/div>\n<div class=\"line number157 index156 alt2\">157<\/div>\n<div class=\"line number158 index157 alt1\">158<\/div>\n<div class=\"line number159 index158 alt2\">159<\/div>\n<div class=\"line number160 index159 alt1\">160<\/div>\n<div class=\"line number161 index160 alt2\">161<\/div>\n<div class=\"line number162 index161 alt1\">162<\/div>\n<div class=\"line number163 index162 alt2\">163<\/div>\n<div class=\"line number164 index163 alt1\">164<\/div>\n<div class=\"line number165 index164 alt2\">165<\/div>\n<div class=\"line number166 index165 alt1\">166<\/div>\n<div class=\"line number167 index166 alt2\">167<\/div>\n<div class=\"line number168 index167 alt1\">168<\/div>\n<div class=\"line number169 index168 alt2\">169<\/div>\n<div class=\"line number170 index169 alt1\">170<\/div>\n<div class=\"line number171 index170 alt2\">171<\/div>\n<div class=\"line number172 index171 alt1\">172<\/div>\n<div class=\"line number173 index172 alt2\">173<\/div>\n<div class=\"line number174 index173 alt1\">174<\/div>\n<div class=\"line number175 index174 alt2\">175<\/div>\n<div class=\"line number176 index175 alt1\">176<\/div>\n<div class=\"line number177 index176 alt2\">177<\/div>\n<div class=\"line number178 index177 alt1\">178<\/div>\n<div class=\"line number179 index178 alt2\">179<\/div>\n<div class=\"line number180 index179 alt1\">180<\/div>\n<div class=\"line number181 index180 alt2\">181<\/div>\n<div class=\"line number182 index181 alt1\">182<\/div>\n<div class=\"line number183 index182 alt2\">183<\/div>\n<div class=\"line number184 index183 alt1\">184<\/div>\n<div class=\"line number185 index184 alt2\">185<\/div>\n<div class=\"line number186 index185 alt1\">186<\/div>\n<div class=\"line number187 index186 alt2\">187<\/div>\n<div class=\"line number188 index187 alt1\">188<\/div>\n<div class=\"line number189 index188 alt2\">189<\/div>\n<div class=\"line number190 index189 alt1\">190<\/div>\n<div class=\"line number191 index190 alt2\">191<\/div>\n<div class=\"line number192 index191 alt1\">192<\/div>\n<div class=\"line number193 index192 alt2\">193<\/div>\n<div class=\"line number194 index193 alt1\">194<\/div>\n<div class=\"line number195 index194 alt2\">195<\/div>\n<div class=\"line number196 index195 alt1\">196<\/div>\n<div class=\"line number197 index196 alt2\">197<\/div>\n<div class=\"line number198 index197 alt1\">198<\/div>\n<div class=\"line number199 index198 alt2\">199<\/div>\n<div class=\"line number200 index199 alt1\">200<\/div>\n<div class=\"line number201 index200 alt2\">201<\/div>\n<div class=\"line number202 index201 alt1\">202<\/div>\n<div class=\"line number203 index202 alt2\">203<\/div>\n<div class=\"line number204 index203 alt1\">204<\/div>\n<div class=\"line number205 index204 alt2\">205<\/div>\n<div class=\"line number206 index205 alt1\">206<\/div>\n<div class=\"line number207 index206 alt2\">207<\/div>\n<div class=\"line number208 index207 alt1\">208<\/div>\n<div class=\"line number209 index208 alt2\">209<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"java comments\">\/\/&nbsp;&nbsp; Licensed to the Apache Software Foundation (ASF) under one or more<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; contributor license agreements.&nbsp; See the NOTICE file distributed with<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"java comments\">\/\/&nbsp;&nbsp; this work for additional information regarding copyright ownership.<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; The ASF licenses this file to You under the Apache License, Version 2.0<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"java comments\">\/\/&nbsp;&nbsp; (the \"License\"); you may not use this file except in compliance with<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; the License.&nbsp; You may obtain a copy of the License at<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <a href=\"http:\/\/www.apache.org\/licenses\/LICENSE-2.0\">http:\/\/www.apache.org\/licenses\/LICENSE-2.0<\/a><\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; Unless required by applicable law or agreed to in writing, software<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"java comments\">\/\/&nbsp;&nbsp; distributed under the License is distributed on an \"AS IS\" BASIS,<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"java comments\">\/\/&nbsp;&nbsp; See the License for the specific language governing permissions and<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"java comments\">\/\/&nbsp;&nbsp; limitations under the License.<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number17 index16 alt2\">&nbsp;<\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"java plain\">grant codeBase <\/code><code class=\"java string\">\"${derby.install.url}derby.jar\"<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><code class=\"java plain\">{<\/code><\/div>\n<div class=\"line number20 index19 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ These permissions are needed for everyday, embedded Derby usage.<\/code><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"createClassLoader\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number23 index22 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"derby.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number24 index23 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"user.dir\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number25 index24 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"engine\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"usederbyinternals\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number26 index25 alt1\">&nbsp;<\/div>\n<div class=\"line number27 index26 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ The next two properties are used to determine if the VM is 32 or 64 bit.<\/code><\/div>\n<div class=\"line number28 index27 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number29 index28 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"sun.arch.data.model\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number30 index29 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"os.arch\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number31 index30 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.system.home}\"<\/code><code class=\"java plain\">,<\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number32 index31 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.system.home}${\/}-\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number33 index32 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"read,write,delete\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number34 index33 alt1\">&nbsp;<\/div>\n<div class=\"line number35 index34 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by sysinfo. A file permission is needed to check the existence of<\/code><\/div>\n<div class=\"line number36 index35 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ jars on the classpath. You can limit this permission to just the locations<\/code><\/div>\n<div class=\"line number37 index36 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which hold your jar files. This block is reproduced for all codebases<\/code><\/div>\n<div class=\"line number38 index37 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which include the sysinfo classes--the policy file syntax does not let you<\/code><\/div>\n<div class=\"line number39 index38 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ grant permissions to several codebases all at once.<\/code><\/div>\n<div class=\"line number40 index39 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number41 index40 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"user.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number42 index41 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.home\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number43 index42 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.class.path\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number44 index43 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number45 index44 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number46 index45 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getProtectionDomain\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number47 index46 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number48 index47 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number49 index48 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.install.path}${\/}-\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number50 index49 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"\/tmp${\/}-\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read,write,delete\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number51 index50 alt2\">&nbsp;<\/div>\n<div class=\"line number52 index51 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Permissions needed for JMX based management and monitoring.<\/code><\/div>\n<div class=\"line number53 index52 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number54 index53 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Allows this code to create an MBeanServer:<\/code><\/div>\n<div class=\"line number55 index54 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number56 index55 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission javax.management.MBeanServerPermission <\/code><code class=\"java string\">\"createMBeanServer\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number57 index56 alt2\">&nbsp;<\/div>\n<div class=\"line number58 index57 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Allows access to Derby's built-in MBeans, within the domain<\/code><\/div>\n<div class=\"line number59 index58 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ org.apache.derby.&nbsp; Derby must be allowed to register and unregister these<\/code><\/div>\n<div class=\"line number60 index59 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ MBeans.&nbsp; To fine tune this permission, see the javadoc of<\/code><\/div>\n<div class=\"line number61 index60 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ javax.management.MBeanPermission or the JMX Instrumentation and Agent<\/code><\/div>\n<div class=\"line number62 index61 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Specification.<\/code><\/div>\n<div class=\"line number63 index62 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number64 index63 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission javax.management.MBeanPermission<\/code><\/div>\n<div class=\"line number65 index64 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"org.apache.derby.*#[org.apache.derby:*]\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number66 index65 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"registerMBean,unregisterMBean\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number67 index66 alt2\">&nbsp;<\/div>\n<div class=\"line number68 index67 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Trusts Derby code to be a source of MBeans and to register these in the<\/code><\/div>\n<div class=\"line number69 index68 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ MBean server.<\/code><\/div>\n<div class=\"line number70 index69 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number71 index70 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission javax.management.MBeanTrustPermission <\/code><code class=\"java string\">\"register\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number72 index71 alt1\">&nbsp;<\/div>\n<div class=\"line number73 index72 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Gives permission for jmx to be used against Derby but only if JMX<\/code><\/div>\n<div class=\"line number74 index73 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ authentication is not being used.&nbsp; In that case the application would need<\/code><\/div>\n<div class=\"line number75 index74 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ to create a whole set of fine-grained permissions to allow specific users<\/code><\/div>\n<div class=\"line number76 index75 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ access to MBeans and actions they perform.<\/code><\/div>\n<div class=\"line number77 index76 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number78 index77 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"jmx\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"control\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number79 index78 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"engine\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"monitor\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number80 index79 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"server\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"monitor\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number81 index80 alt2\">&nbsp;<\/div>\n<div class=\"line number82 index81 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ getProtectionDomain is an optional permission needed for printing<\/code><\/div>\n<div class=\"line number83 index82 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ classpath information to derby.log<\/code><\/div>\n<div class=\"line number84 index83 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number85 index84 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getProtectionDomain\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number86 index85 alt1\">&nbsp;<\/div>\n<div class=\"line number87 index86 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ The following permission must be granted for Connection.abort(Executor) to<\/code><\/div>\n<div class=\"line number88 index87 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ work. Note that this permission must also be granted to outer<\/code><\/div>\n<div class=\"line number89 index88 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ (application) code domains.<\/code><\/div>\n<div class=\"line number90 index89 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number91 index90 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.sql.SQLPermission <\/code><code class=\"java string\">\"callAbort\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number92 index91 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.sql.SQLPermission <\/code><code class=\"java string\">\"deregisterDriver\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number93 index92 alt2\">&nbsp;<\/div>\n<div class=\"line number94 index93 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by FileUtil#limitAccessToOwner<\/code><\/div>\n<div class=\"line number95 index94 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number96 index95 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"accessUserInformation\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number97 index96 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getFileStoreAttributes\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number98 index97 alt1\"><code class=\"java plain\">};<\/code><\/div>\n<div class=\"line number99 index98 alt2\">&nbsp;<\/div>\n<div class=\"line number100 index99 alt1\">&nbsp;<\/div>\n<div class=\"line number101 index100 alt2\"><code class=\"java plain\">grant codeBase <\/code><code class=\"java string\">\"${derby.install.url}derbynet.jar\"<\/code><\/div>\n<div class=\"line number102 index101 alt1\"><code class=\"java plain\">{<\/code><\/div>\n<div class=\"line number103 index102 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ These permissions lets the Network Server manage connections from clients.<\/code><\/div>\n<div class=\"line number104 index103 alt1\">&nbsp;<\/div>\n<div class=\"line number105 index104 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Accept connections from any host. Derby is listening to the host interface<\/code><\/div>\n<div class=\"line number106 index105 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ specified via the -h option to \"NetworkServerControl start\" on the command<\/code><\/div>\n<div class=\"line number107 index106 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ line, via the address parameter to the<\/code><\/div>\n<div class=\"line number108 index107 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ org.apache.derby.drda.NetworkServerControl constructor in the API or via<\/code><\/div>\n<div class=\"line number109 index108 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ the property derby.drda.host; the default is localhost.&nbsp; You may want to<\/code><\/div>\n<div class=\"line number110 index109 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ restrict allowed hosts, e.g. to hosts in a specific subdomain,<\/code><\/div>\n<div class=\"line number111 index110 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ e.g. \"*.example.com\".<\/code><\/div>\n<div class=\"line number112 index111 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number113 index112 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"accept\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number114 index113 alt1\">&nbsp;<\/div>\n<div class=\"line number115 index114 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Allow the server to listen to the socket on the port specified with the<\/code><\/div>\n<div class=\"line number116 index115 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ -p option to \"NetworkServerControl start\" on the command line, or with<\/code><\/div>\n<div class=\"line number117 index116 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ the portNumber parameter to the NetworkServerControl constructor in the<\/code><\/div>\n<div class=\"line number118 index117 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ API, or with the property derby.drda.portNumber. The default is 1527.&nbsp; <\/code><\/div>\n<div class=\"line number119 index118 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"localhost:${derby.security.port}\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number120 index119 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"listen\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number121 index120 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"${derby.drda.host}:${derby.security.port}\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number122 index121 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"listen\"<\/code><code class=\"java plain\">;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/code><\/div>\n<div class=\"line number123 index122 alt2\">&nbsp;<\/div>\n<div class=\"line number124 index123 alt1\">&nbsp;<\/div>\n<div class=\"line number125 index124 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed for server tracing.<\/code><\/div>\n<div class=\"line number126 index125 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number127 index126 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.drda.traceDirectory}${\/}-\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number128 index127 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"read,write,delete\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number129 index128 alt2\">&nbsp;<\/div>\n<div class=\"line number130 index129 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by FileUtil#limitAccessToOwner<\/code><\/div>\n<div class=\"line number131 index130 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number132 index131 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"accessUserInformation\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number133 index132 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getFileStoreAttributes\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number134 index133 alt1\">&nbsp;<\/div>\n<div class=\"line number135 index134 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed for NetworkServerMBean access (see JMX section above)<\/code><\/div>\n<div class=\"line number136 index135 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number137 index136 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"server\"<\/code><code class=\"java plain\">,<\/code><\/div>\n<div class=\"line number138 index137 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/code><code class=\"java string\">\"control,monitor\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number139 index138 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission org.apache.derby.security.SystemPermission <\/code><code class=\"java string\">\"engine\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"usederbyinternals\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number140 index139 alt1\">&nbsp;<\/div>\n<div class=\"line number141 index140 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by sysinfo. A file permission is needed to check the existence of<\/code><\/div>\n<div class=\"line number142 index141 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ jars on the classpath. You can limit this permission to just the locations<\/code><\/div>\n<div class=\"line number143 index142 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which hold your jar files. This block is reproduced for all codebases<\/code><\/div>\n<div class=\"line number144 index143 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which include the sysinfo classes--the policy file syntax does not let you<\/code><\/div>\n<div class=\"line number145 index144 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ grant permissions to several codebases all at once.<\/code><\/div>\n<div class=\"line number146 index145 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number147 index146 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"user.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number148 index147 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.home\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number149 index148 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.class.path\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number150 index149 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number151 index150 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number152 index151 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getProtectionDomain\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number153 index152 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number154 index153 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number155 index154 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.install.path}${\/}-\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number156 index155 alt1\">&nbsp;<\/div>\n<div class=\"line number157 index156 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"derby.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read,write\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number158 index157 alt1\">&nbsp;<\/div>\n<div class=\"line number159 index158 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"localhost:${derby.security.port}\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"connect,resolve\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number160 index159 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"${derby.drda.host}:${derby.security.port}\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"connect,resolve\"<\/code><code class=\"java plain\">;&nbsp; <\/code><\/div>\n<div class=\"line number161 index160 alt2\"><code class=\"java plain\">};<\/code><\/div>\n<div class=\"line number162 index161 alt1\">&nbsp;<\/div>\n<div class=\"line number163 index162 alt2\">&nbsp;<\/div>\n<div class=\"line number164 index163 alt1\"><code class=\"java plain\">grant codeBase <\/code><code class=\"java string\">\"${derby.install.url}derbytools.jar\"<\/code><\/div>\n<div class=\"line number165 index164 alt2\"><code class=\"java plain\">{<\/code><\/div>\n<div class=\"line number166 index165 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by sysinfo. A file permission is needed to check the existence of<\/code><\/div>\n<div class=\"line number167 index166 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ jars on the classpath. You can limit this permission to just the locations<\/code><\/div>\n<div class=\"line number168 index167 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which hold your jar files. This block is for all codebases which include<\/code><\/div>\n<div class=\"line number169 index168 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ the sysinfo classes--the policy file syntax does not let you grant<\/code><\/div>\n<div class=\"line number170 index169 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ permissions to several codebases all at once.<\/code><\/div>\n<div class=\"line number171 index170 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number172 index171 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"user.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number173 index172 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.home\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number174 index173 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.class.path\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number175 index174 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number176 index175 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number177 index176 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getProtectionDomain\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number178 index177 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"&lt;&lt;ALL FILES&gt;&gt;\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number179 index178 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number180 index179 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number181 index180 alt2\">&nbsp;<\/div>\n<div class=\"line number182 index181 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read,write\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number183 index182 alt2\"><code class=\"java plain\">};<\/code><\/div>\n<div class=\"line number184 index183 alt1\">&nbsp;<\/div>\n<div class=\"line number185 index184 alt2\"><code class=\"java plain\">grant codeBase <\/code><code class=\"java string\">\"${derby.install.url}derbyclient.jar\"<\/code><\/div>\n<div class=\"line number186 index185 alt1\"><code class=\"java plain\">{<\/code><\/div>\n<div class=\"line number187 index186 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ Needed by sysinfo. A file permission is needed to check the existence of<\/code><\/div>\n<div class=\"line number188 index187 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ jars on the classpath. You can limit this permission to just the locations<\/code><\/div>\n<div class=\"line number189 index188 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which hold your jar files. This block is reproduced for all codebases<\/code><\/div>\n<div class=\"line number190 index189 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ which include the sysinfo classes--the policy file syntax does not let you<\/code><\/div>\n<div class=\"line number191 index190 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ grant permissions to several codebases all at once.<\/code><\/div>\n<div class=\"line number192 index191 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number193 index192 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"user.*\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number194 index193 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.home\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number195 index194 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.class.path\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number196 index195 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.runtime.version\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number197 index196 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.util.PropertyPermission <\/code><code class=\"java string\">\"java.fullversion\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number198 index197 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.lang.RuntimePermission <\/code><code class=\"java string\">\"getProtectionDomain\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number199 index198 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.io.FilePermission <\/code><code class=\"java string\">\"${derby.install.path}${\/}-\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"read\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number200 index199 alt1\">&nbsp;<\/div>\n<div class=\"line number201 index200 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ The following permission must be granted for Connection.abort(Executor) to<\/code><\/div>\n<div class=\"line number202 index201 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ work.&nbsp; Note that this permission must also be granted to outer<\/code><\/div>\n<div class=\"line number203 index202 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/ (application) code domains.<\/code><\/div>\n<div class=\"line number204 index203 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java comments\">\/\/<\/code><\/div>\n<div class=\"line number205 index204 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.sql.SQLPermission <\/code><code class=\"java string\">\"callAbort\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number206 index205 alt1\">&nbsp;<\/div>\n<div class=\"line number207 index206 alt2\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"localhost:${derby.security.port}\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"connect,resolve\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number208 index207 alt1\"><code class=\"java spaces\">&nbsp;&nbsp;<\/code><code class=\"java plain\">permission java.net.SocketPermission <\/code><code class=\"java string\">\"${derby.drda.host}:${derby.security.port}\"<\/code><code class=\"java plain\">, <\/code><code class=\"java string\">\"connect,resolve\"<\/code><code class=\"java plain\">;<\/code><\/div>\n<div class=\"line number209 index208 alt2\"><code class=\"java plain\">};<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Policy files are a lot to take in. After 20 years using Java, I&#8217;ve only come across them just a handful of times. I don&#8217;t pretend to know everything that goes into a policy file. All I know is this file is working for all my requirements. Each Derby update requires testing and maybe some tweeking. The derby-users@db.apache.org mailing list is your best source of information.<div style=\"display:inline-block; margin: 15px 0;\"> <div id=\"adngin-JavaCodeGeeks_incontent_video-0\" style=\"display:inline-block;\"><\/div> <\/div><\/p>\n<p>A big shout out to Rick Hillegas from the derby-users@db.apache.org mailing list for helping me get to this version of the policy file. He provided most of it and I added the following to meet my requirements.<\/p>\n<p>Line 50 <strong><code>permission java.io.FilePermission \"\/tmp${\/}-\", \"read,write,delete\";<\/code><\/strong>. My <a title=\"Derby Database Backup\" href=\"http:\/\/mjremijan.blogspot.com\/2018\/11\/derby-database-backup.html\">database backup process<\/a> uses <code>CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE (\u2018\/tmp\/resiste-backup\/1527\u2019)<\/code>. So the <code>derby.jar<\/code> file needs read,write,delete permissions to the <code>\/tmp<\/code> directory on the file system so it can write the backup into that directory.<\/p>\n<p>Line 92 <strong><code>permission java.sql.SQLPermission \"deregisterDriver\";<\/code><\/strong>. When administering my Derby database with the the <code>ij<\/code> tool, found an exception in the <code>derby.log<\/code> file about <code>deregisterDriver<\/code>. So I added this permission to the <code>derby.jar<\/code> file as well.<\/p>\n<p>Line 160 <strong><code>permission java.net.SocketPermission \"${derby.drda.host}:${derby.security.port}\", \"connect,resolve\";<\/code><\/strong>. Properties <code>derby.drda.host<\/code> and <code>derby.security.port<\/code> are set in the <code>setenv.sh<\/code> script (listing 1.1). I had to add this permission because my Derby network server is accessed by remote (non-localhost) clients. In <code>setenv.sh<\/code>, I use <code>-Dderby.drda.host=0.0.0.0<\/code> to override the default localhost-only interface listening. I also found I needed this in the policy file while testing the <code>stop.sh<\/code> script (listing 1.3).<\/p>\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n<p>That&#8217;s it. I hope you enjoyed learning how to run a Derby network server with a security policy.<\/p>\n<div class=\"attribution\">\n<table>\n<tbody>\n<tr>\n<td>\n<p>Published on Java Code Geeks with permission by Michael Remijan, partner at our <a href=\"\/\/www.javacodegeeks.com\/join-us\/jcg\/\" target=\"_blank\" rel=\"noopener noreferrer\">JCG program<\/a>. See the original article here: <a href=\"http:\/\/mjremijan.blogspot.com\/2020\/04\/apache-derby-database-jvm-security.html\" target=\"_blank\" rel=\"noopener noreferrer\">Apache Derby Database JVM Security Policy<\/a><\/p>\n<p>Opinions expressed by Java Code Geeks contributors are their own.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Abstract I have already posted a number of blogs about Derby: Derby Database Backup Multiple Derby Network Servers on the same Host Apache Derby Database Users and Permissions Integration Testing with Maven and an In-Memory Derby Database This wasn&#8217;t intended to be a series. But over the years I&#8217;ve been using Derby more and more. &hellip;<\/p>\n","protected":false},"author":3178,"featured_media":112,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[56,428,207],"class_list":["post-104218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-enterprise-java","tag-apache-derby","tag-database","tag-jvm"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Apache Derby Database JVM Security Policy - Java Code Geeks<\/title>\n<meta name=\"description\" content=\"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM&#039;s permissions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Derby Database JVM Security Policy - Java Code Geeks\" \/>\n<meta property=\"og:description\" content=\"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM&#039;s permissions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html\" \/>\n<meta property=\"og:site_name\" content=\"Java Code Geeks\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/javacodegeeks\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-28T13:00:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"150\" \/>\n\t<meta property=\"og:image:height\" content=\"150\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Remijan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:site\" content=\"@javacodegeeks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Remijan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html\"},\"author\":{\"name\":\"Michael Remijan\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/29887059c051a7f738ae776d5aba9e27\"},\"headline\":\"Apache Derby Database JVM Security Policy\",\"datePublished\":\"2020-04-28T13:00:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html\"},\"wordCount\":1500,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"keywords\":[\"Apache Derby\",\"Database\",\"JVM\"],\"articleSection\":[\"Enterprise Java\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html\",\"name\":\"Apache Derby Database JVM Security Policy - Java Code Geeks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"datePublished\":\"2020-04-28T13:00:35+00:00\",\"description\":\"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM's permissions.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#primaryimage\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2012\\\/10\\\/enterprise-java-logo.jpg\",\"width\":150,\"height\":150,\"caption\":\"java-interview-questions-answers\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/2020\\\/04\\\/apache-derby-database-jvm-security-policy.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enterprise Java\",\"item\":\"https:\\\/\\\/www.javacodegeeks.com\\\/category\\\/java\\\/enterprise-java\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Apache Derby Database JVM Security Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#website\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"name\":\"Java Code Geeks\",\"description\":\"Java Developers Resource Center\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\"},\"alternateName\":\"JCG\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.javacodegeeks.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#organization\",\"name\":\"Exelixis Media P.C.\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.javacodegeeks.com\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/exelixis-logo.png\",\"width\":864,\"height\":246,\"caption\":\"Exelixis Media P.C.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/javacodegeeks\",\"https:\\\/\\\/x.com\\\/javacodegeeks\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.javacodegeeks.com\\\/#\\\/schema\\\/person\\\/29887059c051a7f738ae776d5aba9e27\",\"name\":\"Michael Remijan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g\",\"caption\":\"Michael Remijan\"},\"description\":\"Michael Remijan is a System Architect at the Federal Reserve Bank St. Louis. He is co-author of 'EJB 3 In Action Second', an active blogger in the Java EE community, a Java EE Guardian, and JavaOne presenter. He has developed enterprise systems for B2C and B2B commerce, manufacturing, astronomy, agriculture, telecommunications, national defense, healthcare, and financial areas.\",\"sameAs\":[\"http:\\\/\\\/mjremijan.blogspot.gr\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/mjremijan\\\/\"],\"url\":\"https:\\\/\\\/www.javacodegeeks.com\\\/author\\\/michael-remijan\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache Derby Database JVM Security Policy - Java Code Geeks","description":"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM's permissions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html","og_locale":"en_US","og_type":"article","og_title":"Apache Derby Database JVM Security Policy - Java Code Geeks","og_description":"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM's permissions.","og_url":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html","og_site_name":"Java Code Geeks","article_publisher":"https:\/\/www.facebook.com\/javacodegeeks","article_published_time":"2020-04-28T13:00:35+00:00","og_image":[{"width":150,"height":150,"url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","type":"image\/jpeg"}],"author":"Michael Remijan","twitter_card":"summary_large_image","twitter_creator":"@javacodegeeks","twitter_site":"@javacodegeeks","twitter_misc":{"Written by":"Michael Remijan","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#article","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html"},"author":{"name":"Michael Remijan","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/29887059c051a7f738ae776d5aba9e27"},"headline":"Apache Derby Database JVM Security Policy","datePublished":"2020-04-28T13:00:35+00:00","mainEntityOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html"},"wordCount":1500,"commentCount":0,"publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","keywords":["Apache Derby","Database","JVM"],"articleSection":["Enterprise Java"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html","url":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html","name":"Apache Derby Database JVM Security Policy - Java Code Geeks","isPartOf":{"@id":"https:\/\/www.javacodegeeks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#primaryimage"},"image":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#primaryimage"},"thumbnailUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","datePublished":"2020-04-28T13:00:35+00:00","description":"Interested to learn about Apache Derby Database? Check our article explaining how to run Derby with a Java security policy to limit the JVM's permissions.","breadcrumb":{"@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#primaryimage","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2012\/10\/enterprise-java-logo.jpg","width":150,"height":150,"caption":"java-interview-questions-answers"},{"@type":"BreadcrumbList","@id":"https:\/\/www.javacodegeeks.com\/2020\/04\/apache-derby-database-jvm-security-policy.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.javacodegeeks.com\/"},{"@type":"ListItem","position":2,"name":"Java","item":"https:\/\/www.javacodegeeks.com\/category\/java"},{"@type":"ListItem","position":3,"name":"Enterprise Java","item":"https:\/\/www.javacodegeeks.com\/category\/java\/enterprise-java"},{"@type":"ListItem","position":4,"name":"Apache Derby Database JVM Security Policy"}]},{"@type":"WebSite","@id":"https:\/\/www.javacodegeeks.com\/#website","url":"https:\/\/www.javacodegeeks.com\/","name":"Java Code Geeks","description":"Java Developers Resource Center","publisher":{"@id":"https:\/\/www.javacodegeeks.com\/#organization"},"alternateName":"JCG","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.javacodegeeks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.javacodegeeks.com\/#organization","name":"Exelixis Media P.C.","url":"https:\/\/www.javacodegeeks.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","contentUrl":"https:\/\/www.javacodegeeks.com\/wp-content\/uploads\/2022\/06\/exelixis-logo.png","width":864,"height":246,"caption":"Exelixis Media P.C."},"image":{"@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/javacodegeeks","https:\/\/x.com\/javacodegeeks"]},{"@type":"Person","@id":"https:\/\/www.javacodegeeks.com\/#\/schema\/person\/29887059c051a7f738ae776d5aba9e27","name":"Michael Remijan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/660a324990ecdd382c28c15ae952984b3157b2bc7ad8524692f52f516b155954?s=96&d=mm&r=g","caption":"Michael Remijan"},"description":"Michael Remijan is a System Architect at the Federal Reserve Bank St. Louis. He is co-author of 'EJB 3 In Action Second', an active blogger in the Java EE community, a Java EE Guardian, and JavaOne presenter. He has developed enterprise systems for B2C and B2B commerce, manufacturing, astronomy, agriculture, telecommunications, national defense, healthcare, and financial areas.","sameAs":["http:\/\/mjremijan.blogspot.gr\/","https:\/\/www.linkedin.com\/in\/mjremijan\/"],"url":"https:\/\/www.javacodegeeks.com\/author\/michael-remijan"}]}},"_links":{"self":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/104218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/users\/3178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/comments?post=104218"}],"version-history":[{"count":0,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/posts\/104218\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media\/112"}],"wp:attachment":[{"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/media?parent=104218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/categories?post=104218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.javacodegeeks.com\/wp-json\/wp\/v2\/tags?post=104218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}