• Home
• io.snappydata
• gemfirexd-core
• 1.5.0-BETA.3
• source code
• template.policy

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.pivotal.gemfirexd.internal.drda.template.policy Maven / Gradle / Ivy

//
//   Licensed to the Apache Software Foundation (ASF) under one or more
//   contributor license agreements.  See the NOTICE file distributed with
//   this work for additional information regarding copyright ownership.
//   The ASF licenses this file to You under the Apache License, Version 2.0
//   (the "License"); you may not use this file except in compliance with
//   the License.  You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//

//
// This template policy file gives examples of how to configure the
// permissions needed to run a GemFireXD Network Server with the Java
// Security manager.
//
grant codeBase "${gemfirexd.install.url}gemfirexd.jar"
{
//
// These permissions are needed for everyday, embedded Derby usage.
//
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "gemfirexd.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "gemfirexd.storage.jvmInstanceId", 
      "write"; 
  permission java.io.FilePermission "${gemfirexd.system.home}","read";
  permission java.io.FilePermission "${gemfirexd.system.home}${/}-", "read,write,delete";

//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.RELOAD_SECURITY_POLICY() system procedure.
//
  permission java.security.SecurityPermission "getPolicy";

//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
// You may want to restrict this access to specific directories.
//
  permission java.io.FilePermission "<>", "read,write,delete";


//
// Permissions needed for JMX based management and monitoring, which is only
// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
//
// Allows this code to create an MBeanServer:
//
  permission javax.management.MBeanServerPermission "createMBeanServer";
//
// Allows access to Derby's built-in MBeans, within the domain com.pivotal.gemfirexd.internal.
// Derby must be allowed to register and unregister these MBeans.
// It is possible to allow access only to specific MBeans, attributes or 
// operations. To fine tune this permission, see the javadoc of 
// javax.management.MBeanPermission or the JMX Instrumentation and Agent 
// Specification. 
//
  permission javax.management.MBeanPermission "com.pivotal.gemfirexd.internal.*#[com.pivotal.gemfirexd.internal:*]","registerMBean,unregisterMBean";
//
// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
//
  permission javax.management.MBeanTrustPermission "register";

//};

//grant codeBase "${gemfirexd.install.url}gemfirexd.jar"
//{
//
// This permission lets the Network Server manage connections from clients.
//

// Accept connections from any host. Derby is listening to the host
// interface specified via the -h option to "NetworkServerControl
// start" on the command line, via the address parameter to the
// com.pivotal.gemfirexd.internal.drda.NetworkServerControl constructor in the API
// or via the property gemfirexd.drda.host; the default is localhost.
// You may want to restrict allowed hosts, e.g. to hosts in a specific
// subdomain, e.g. "*.acme.com".

  permission java.net.SocketPermission "*", "accept"; 

//
// Needed for server tracing.
//
  permission java.io.FilePermission "${gemfirexd.drda.traceDirectory}${/}-", "read,write,delete";

//
// JMX: Uncomment this permission to allow the ping operation of the 
//      NetworkServerMBean to connect to the Network Server.
//permission java.net.SocketPermission "*", "connect,resolve";


//
// Needed by sysinfo. The file permission is needed to
// check the existence of jars on the classpath. You can
// limit this permission to just the locations which hold
// your jar files.
//
// In this template file, this block of permissions is granted
// to gemfirexd.jar under the assumption that gemfirexd.jar is
// the first jar file in your classpath which contains the
// sysinfo classes. If that is not the case, then you will want
// to grant this block of permissions to the first jar file
// in your classpath which contains the sysinfo classes.
// Those classes are bundled into the following Derby
// jar files:
//
//    gemfirexd.jar
//    gemfirexd-client.jar
//    gemfirexd-tools.jar
//
  permission java.util.PropertyPermission "user.*", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.class.path", "read";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission java.io.FilePermission "<>", "read";
};