db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r1483215 - in /db/derby/code/trunk/java/drda/org/apache/derby/drda: server.policy template.policy
Date Thu, 16 May 2013 07:19:36 GMT
Author: dag
Date: Thu May 16 07:19:36 2013
New Revision: 1483215

URL: http://svn.apache.org/r1483215
Log:
DERBY-6207 Update policy files in java/drda/org/apache/derby/drda

Removed permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";

which is no longer needed, plus formatting improvements.

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
    db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy?rev=1483215&r1=1483214&r2=1483215&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/server.policy Thu May 16 07:19:36
2013
@@ -17,40 +17,36 @@
 
 grant codeBase "${derby.install.url}derby.jar"
 {
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.util.PropertyPermission "user.dir", "read";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
+
   // The next two properties are used to determine if the VM is 32 or 64 bit.
+  //
   permission java.util.PropertyPermission "sun.arch.data.model", "read";
   permission java.util.PropertyPermission "os.arch", "read";
   permission java.io.FilePermission "${derby.system.home}","read";
-  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}-",
+      "read,write,delete";
 
-//
-// This permission lets you backup and restore databases
-// to and from arbitrary locations in your file system.
-//
-// This permission also lets you import/export data to and from
-// arbitrary locations in your file system.
-//
-// You may want to restrict this access to specific directories.
-//
+  // This permission lets you backup and restore databases to and from
+  // arbitrary locations in your file system.
+  //
+  // This permission also lets you import/export data to and from arbitrary
+  // locations in your file system.
+  //
+  // You may want to restrict this access to specific directories.
+  //
   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files. This block is reproduced for all codebases
-// which include the sysinfo classes--the policy file syntax
-// does not let you grant permissions to several codebases
-// all at once.
-//
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";
@@ -61,85 +57,89 @@ grant codeBase "${derby.install.url}derb
   permission java.io.FilePermission "java.runtime.version", "read";
   permission java.io.FilePermission "java.fullversion", "read";
 
-//
-// Permissions needed for JMX based management and monitoring, which is only
-// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
-//
-// Allows this code to create an MBeanServer:
-//
+  // Permissions needed for JMX based management and monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
   permission javax.management.MBeanServerPermission "createMBeanServer";
-//
-// Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
-// Derby must be allowed to register and unregister these MBeans.
-// To fine tune this permission, see the javadoc of javax.management.MBeanPermission
-// or the JMX Instrumentation and Agent Specification.
-//
-  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-//
-// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
-//
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
+  // Specification.
+  //
+  permission javax.management.MBeanPermission
+       "org.apache.derby.*#[org.apache.derby:*]",
+       "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the
+  // MBean server.
+  //
   permission javax.management.MBeanTrustPermission "register";
-  
-  // Gives permission for jmx to be used against Derby but
-  // only if JMX authentication is not being used.
-  // In that case the application would need to create
-  // a whole set of fine-grained permissions to allow specific
-  // users access to MBeans and actions they perform.
+
+  // Gives permission for jmx to be used against Derby but only if JMX
+  // authentication is not being used.  In that case the application would need
+  // to create a whole set of fine-grained permissions to allow specific users
+  // access to MBeans and actions they perform.
+  //
   permission org.apache.derby.security.SystemPermission "jmx", "control";
   permission org.apache.derby.security.SystemPermission "engine", "monitor";
   permission org.apache.derby.security.SystemPermission "server", "monitor";
 
-  // getProtectionDomain is an optional permission needed for printing classpath
-  // information to derby.log
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log
+  //
   permission java.lang.RuntimePermission "getProtectionDomain";
 
-  //
-  // The following permission must be granted for Connection.abort(Executor) to work.
-  // Note that this permission must also be granted to outer (application) code domains.
+  // The following permission must be granted for Connection.abort(Executor) to
+  // work. Note that this permission must also be granted to outer
+  // (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
 
   // Needed by FileUtil#limitAccessToOwner
+  //
   permission java.lang.RuntimePermission "accessUserInformation";
   permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
+
 grant codeBase "${derby.install.url}derbynet.jar"
 {
-//
-// This permission lets the Network Server manage connections from clients.
-//
-
-// Accept connections from any host. Derby is listening to the host
-// interface specified via the -h option to "NetworkServerControl
-// start" on the command line, via the address parameter to the
-// org.apache.derby.drda.NetworkServerControl constructor in the API
-// or via the property derby.drda.host; the default is localhost.
-// You may want to restrict allowed hosts, e.g. to hosts in a specific
-// subdomain, e.g. "*.example.com".
-
-  permission java.net.SocketPermission "*", "accept"; 
-
-//
-// Needed for server tracing.
-//
-  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+  // These permissions lets the Network Server manage connections from clients.
+
+  // Accept connections from any host. Derby is listening to the host interface
+  // specified via the -h option to "NetworkServerControl start" on the command
+  // line, via the address parameter to the
+  // org.apache.derby.drda.NetworkServerControl constructor in the API or via
+  // the property derby.drda.host; the default is localhost.  You may want to
+  // restrict allowed hosts, e.g. to hosts in a specific subdomain,
+  // e.g. "*.example.com".
+  //
+  permission java.net.SocketPermission "*", "accept";
+
+  // Needed for server tracing.
+  //
+  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
+      "read,write,delete";
+
   // Needed by FileUtil#limitAccessToOwner
+  //
   permission java.lang.RuntimePermission "accessUserInformation";
   permission java.lang.RuntimePermission "getFileStoreAttributes";
-  
+
   // Needed for NetworkServerMBean access (see JMX section above)
-  permission org.apache.derby.security.SystemPermission "server", "control,monitor";
+  //
+  permission org.apache.derby.security.SystemPermission "server",
+      "control,monitor";
 
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files. This block is reproduced for all codebases
-// which include the sysinfo classes--the policy file syntax
-// does not let you grant permissions to several codebases
-// all at once.
-//
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";
@@ -154,15 +154,12 @@ grant codeBase "${derby.install.url}derb
 
 grant codeBase "${derby.install.url}derbytools.jar"
 {
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files. This block is for all codebases
-// which include the sysinfo classes--the policy file syntax
-// does not let you grant permissions to several codebases
-// all at once.
-//
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is for all codebases which include
+  // the sysinfo classes--the policy file syntax does not let you grant
+  // permissions to several codebases all at once.
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";
@@ -176,15 +173,12 @@ grant codeBase "${derby.install.url}derb
 
 grant codeBase "${derby.install.url}derbyclient.jar"
 {
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files. This block is reproduced for all codebases
-// which include the sysinfo classes--the policy file syntax
-// does not let you grant permissions to several codebases
-// all at once.
-//
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files. This block is reproduced for all codebases
+  // which include the sysinfo classes--the policy file syntax does not let you
+  // grant permissions to several codebases all at once.
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";
@@ -195,13 +189,9 @@ grant codeBase "${derby.install.url}derb
   permission java.io.FilePermission "java.runtime.version", "read";
   permission java.io.FilePermission "java.fullversion", "read";
 
-  //
-  // The following permission must be granted for Connection.abort(Executor) to work.
-  // Note that this permission must also be granted to outer (application) code domains.
+  // The following permission must be granted for Connection.abort(Executor) to
+  // work.  Note that this permission must also be granted to outer
+  // (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
 };
-
-
-
-

Modified: db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy?rev=1483215&r1=1483214&r2=1483215&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/drda/template.policy Thu May 16 07:19:36
2013
@@ -15,134 +15,130 @@
 //   limitations under the License.
 //
 
-//
 // This template policy file gives examples of how to configure the
 // permissions needed to run a Derby network server with the Java
 // Security manager.
 //
 grant codeBase "${derby.install.url}derby.jar"
 {
-//
-// These permissions are needed for everyday, embedded Derby usage.
-//
+  // These permissions are needed for everyday, embedded Derby usage.
+  //
   permission java.lang.RuntimePermission "createClassLoader";
   permission java.util.PropertyPermission "derby.*", "read";
   permission java.util.PropertyPermission "user.dir", "read";
-  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", 
-      "write"; 
+
   // The next two properties are used to determine if the VM is 32 or 64 bit.
+  //
   permission java.util.PropertyPermission "sun.arch.data.model", "read";
   permission java.util.PropertyPermission "os.arch", "read";
   permission java.io.FilePermission "${derby.system.home}","read";
-  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
+  permission java.io.FilePermission "${derby.system.home}${/}-",
+      "read,write,delete";
 
-//
-// This permission lets a DBA reload the policy file while the server
-// is still running. The policy file is reloaded by invoking the
-// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
-//
+  // This permission lets a DBA reload the policy file while the server is
+  // still running. The policy file is reloaded by invoking the
+  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
+  //
   permission java.security.SecurityPermission "getPolicy";
 
-//
-// This permission lets you backup and restore databases
-// to and from arbitrary locations in your file system.
-//
-// This permission also lets you import/export data to and from
-// arbitrary locations in your file system.
-//
-// You may want to restrict this access to specific directories.
-//
+  // This permission lets you backup and restore databases to and from
+  // arbitrary locations in your file system.
+  //
+  // This permission also lets you import/export data to and from arbitrary
+  // locations in your file system.
+  //
+  // You may want to restrict this access to specific directories.
+  //
   permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 
-
-//
-// Permissions needed for JMX based management and monitoring, which is only
-// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
-//
-// Allows this code to create an MBeanServer:
-//
+  // Permissions needed for JMX based management and monitoring.
+  //
+  // Allows this code to create an MBeanServer:
+  //
   permission javax.management.MBeanServerPermission "createMBeanServer";
-//
-// Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
-// Derby must be allowed to register and unregister these MBeans.
-// It is possible to allow access only to specific MBeans, attributes or 
-// operations. To fine tune this permission, see the javadoc of 
-// javax.management.MBeanPermission or the JMX Instrumentation and Agent 
-// Specification. 
-//
-  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-//
-// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
-//
+
+  // Allows access to Derby's built-in MBeans, within the domain
+  // org.apache.derby.  Derby must be allowed to register and unregister these
+  // MBeans.  It is possible to allow access only to specific MBeans,
+  // attributes or operations. To fine tune this permission, see the javadoc of
+  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
+  // Specification.
+  //
+  permission javax.management.MBeanPermission
+      "org.apache.derby.*#[org.apache.derby:*]",
+      "registerMBean,unregisterMBean";
+
+  // Trusts Derby code to be a source of MBeans and to register these in the
+  // MBean server.
+  //
   permission javax.management.MBeanTrustPermission "register";
 
-  // getProtectionDomain is an optional permission needed for printing classpath
-  // information to derby.log
+  // getProtectionDomain is an optional permission needed for printing
+  // classpath information to derby.log
+  //
   permission java.lang.RuntimePermission "getProtectionDomain";
 
   //
-  // The following permission must be granted for Connection.abort(Executor) to work.
-  // Note that this permission must also be granted to outer (application) code domains.
+  // The following permission must be granted for Connection.abort(Executor) to
+  // work.  Note that this permission must also be granted to outer
+  // (application) code domains.
   //
   permission java.sql.SQLPermission "callAbort";
 
   // Needed by file permissions restriction system:
+  //
   permission java.lang.RuntimePermission "accessUserInformation";
   permission java.lang.RuntimePermission "getFileStoreAttributes";
 };
 
+
+
 grant codeBase "${derby.install.url}derbynet.jar"
 {
-//
-// This permission lets the Network Server manage connections from clients.
-//
+  // These permissions lets the Network Server manage connections from clients.
 
-// Accept connections from any host. Derby is listening to the host
-// interface specified via the -h option to "NetworkServerControl
-// start" on the command line, via the address parameter to the
-// org.apache.derby.drda.NetworkServerControl constructor in the API
-// or via the property derby.drda.host; the default is localhost.
-// You may want to restrict allowed hosts, e.g. to hosts in a specific
-// subdomain, e.g. "*.example.com".
+  // Accept connections from any host. Derby is listening to the host interface
+  // specified via the -h option to "NetworkServerControl start" on the command
+  // line, via the address parameter to the
+  // org.apache.derby.drda.NetworkServerControl constructor in the API or via
+  // the property derby.drda.host; the default is localhost.  You may want to
+  // restrict allowed hosts, e.g. to hosts in a specific subdomain,
+  // e.g. "*.example.com".
+  permission java.net.SocketPermission "*", "accept";
 
-  permission java.net.SocketPermission "*", "accept"; 
-
-//
-// Needed for server tracing.
-//
-  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
+  // Needed for server tracing.
+  //
+  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
+      "read,write,delete";
 
-// Needed by file permissions restriction system:
+  // Needed by file permissions restriction system:
+  //
   permission java.lang.RuntimePermission "accessUserInformation";
   permission java.lang.RuntimePermission "getFileStoreAttributes";
-  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read, write";
-
-//
-// JMX: Uncomment this permission to allow the ping operation of the 
-//      NetworkServerMBean to connect to the Network Server.
-//permission java.net.SocketPermission "*", "connect,resolve";
+  permission java.util.PropertyPermission "derby.__serverStartedFromCmdLine",
+      "read, write";
 
+  // JMX: Uncomment this permission to allow the ping operation of the
+  //      NetworkServerMBean to connect to the Network Server.
+  //
+  // permission java.net.SocketPermission "*", "connect,resolve";
 
-//
-// Needed by sysinfo. The file permission is needed to
-// check the existence of jars on the classpath. You can
-// limit this permission to just the locations which hold
-// your jar files.
-//
-// In this template file, this block of permissions is granted
-// to derbynet.jar under the assumption that derbynet.jar is
-// the first jar file in your classpath which contains the
-// sysinfo classes. If that is not the case, then you will want
-// to grant this block of permissions to the first jar file
-// in your classpath which contains the sysinfo classes.
-// Those classes are bundled into the following Derby
-// jar files:
-//
-//    derbynet.jar
-//    derby.jar
-//    derbyclient.jar
-//    derbytools.jar
-//
+  // Needed by sysinfo. The file permission is needed to check the existence of
+  // jars on the classpath. You can limit this permission to just the locations
+  // which hold your jar files.
+  //
+  // In this template file, this block of permissions is granted to
+  // derbynet.jar under the assumption that derbynet.jar is the first jar file
+  // in your classpath which contains the sysinfo classes. If that is not the
+  // case, then you will want to grant this block of permissions to the first
+  // jar file in your classpath which contains the sysinfo classes.  Those
+  // classes are bundled into the following Derby jar files:
+  //
+  //    derbynet.jar
+  //    derby.jar
+  //    derbyclient.jar
+  //    derbytools.jar
+  //
   permission java.util.PropertyPermission "user.*", "read";
   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "java.class.path", "read";



Mime
View raw message