svn commit: r522579 - in /db/derby/code/trunk: java/drda/org/apache/derby/drda/server.policy java/drda/org/apache/derby/drda/template.policy tools/release/build.xml

[rh...@apache.org]

Author: rhillegas
Date: Mon Mar 26 10:47:02 2007
New Revision: 522579

URL: http://svn.apache.org/viewvc?view=rev&rev=522579
Log:
DERBY-2466: Separate the template security policy from the default policy used by the secure-by-default server.

Added:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy   (with props)
Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/tools/release/build.xml

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?view=diff&rev=522579&r1=522578&r2=522579
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Mon Mar 26 10:47:02 2007
@@ -9,12 +9,6 @@
   permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
 
 //
-// This permission lets a DBA reload this policy file while the server
-// is still running.
-//
-  permission java.security.SecurityPermission "getPolicy";
-
-//
 // This permission lets you backup and restore databases
 // to and from arbitrary locations in your file system.
 //

Added: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?view=auto&rev=522579
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (added)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Mon Mar 26 10:47:02 2007
@@ -0,0 +1,42 @@
+//
+// This template policy file gives examples of how to configure the
+// permissions needed to run a Derby network server with the Java
+// Security manager.
+//
+grant codeBase "${derby.install.url}derby.jar"
+{
+//
+// These permissions are needed for everyday, embedded Derby usage.
+//
+  permission java.lang.RuntimePermission "createClassLoader";
+  permission java.util.PropertyPermission "derby.*", "read";
+  permission java.io.FilePermission "${derby.system.home}","read";
+  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+
+//
+// This permission lets a DBA reload the policy file while the server
+// is still running. The policy file is reloaded by invoking the
+// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+//
+  permission java.security.SecurityPermission "getPolicy";
+
+//
+// This permission lets you backup and restore databases
+// to and from arbitrary locations in your file system.
+//
+// This permission also lets you import/export data to and from
+// arbitrary locations in your file system.
+//
+// You may want to restrict this access to specific directories.
+//
+  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+grant codeBase "${derby.install.url}derbynet.jar"
+{
+//
+// This permission lets the Network Server manage connections from clients.
+//
+  permission java.net.SocketPermission "${derby.drda.host}:*", "accept"; 
+};
+

Propchange: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: db/derby/code/trunk/tools/release/build.xml
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/tools/release/build.xml?view=diff&rev=522579&r1=522578&r2=522579
==============================================================================
--- db/derby/code/trunk/tools/release/build.xml (original)
+++ db/derby/code/trunk/tools/release/build.xml Mon Mar 26 10:47:02 2007
@@ -94,7 +94,7 @@
                   fullpath="${derby.bin}/demo/programs/toursdb/build.xml"/>
       <zipfileset file="${derby.demo.src.dir}/toursdb/toursdb_readme.html"
                   fullpath="${derby.bin}/demo/programs/toursdb/toursdb_readme.html"/>
-      <zipfileset file="${derby.drda.dir}/drda/server.policy"
+      <zipfileset file="${derby.drda.dir}/drda/template.policy"
                   fullpath="${derby.bin}/demo/templates/server.policy"/>
       <zipfileset dir="${basedir}/classes" includes="SimpleApp.class"
                   prefix="${derby.bin}/demo/programs/simple"/>
@@ -146,7 +146,7 @@
                   fullpath="${derby.bin}/demo/programs/toursdb/build.xml"/>
       <tarfileset file="${derby.demo.src.dir}/toursdb/toursdb_readme.html"
                   fullpath="${derby.bin}/demo/programs/toursdb/toursdb_readme.html"/>
-      <tarfileset file="${derby.drda.dir}/drda/server.policy"
+      <tarfileset file="${derby.drda.dir}/drda/template.policy"
                   fullpath="${derby.bin}/demo/templates/server.policy"/>
       <tarfileset dir="${basedir}/classes" includes="SimpleApp.class"
                   prefix="${derby.bin}/demo/programs/simple"/>