The security policy file follows the format of the security policy file of J2SE.
Specify the security policy of the JavaVM that executes the batch servers.
If you change the contents of this file while the batch server is running, the changes take effect only the next time the batch server is started.
The contents of the policy file that is used are as follows:
// (1)
// Grant all permissions to the java extensions
// ${java.home} is replaced by the value of that system property when the
// policy is loaded. A codeBase ending in "/-" matches every class and JAR
// file under the directory, recursively.
// java.security.AllPermission implies every other permission, so code loaded
// from this location runs without restriction; write access to the directory
// should be limited to administrators.
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
// (2)
// Grant all permissions to the java tools, etc
// Note: java.home is the jre, not the installation dir for the jdk
// A codeBase ending in "/*" matches the class and JAR files directly in the
// directory, not those in its subdirectories.
grant codeBase "file:${java.home}/../lib/*" {
permission java.security.AllPermission;
};
// (3)
// Grant all permissions to anything loaded from the
// EJB server itself
// Each grant below gives AllPermission to the class and JAR files directly in
// one product library directory ("/*" is not recursive). The directories are
// resolved from the ejbserver.install.root, tpbroker.java.home,
// cosminexus.home and hntrlib.home properties.
grant codeBase "file:${ejbserver.install.root}/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${tpbroker.java.home}/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/DABJ/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/manager/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/exlib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/jaxp/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/CTM/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/PRF/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/wss/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/XMLSEC/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${ejbserver.install.root}/sfo/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${hntrlib.home}/classes/*" {
permission java.security.AllPermission;
};
// (4)
// Grant all permissions to the container generated stubs and
// implementation classes
// The trailing "/-" makes the grant recursive: everything under the
// containers directory of this server (${ejbserver.serverName}) is covered.
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/containers/-" {
permission java.security.AllPermission;
};
// (5)
// Grant all permissions to imported resource (datasource) implementation
// classes
// NOTE(review): this codeBase is an http: URL whose host part is "*", so the
// grant is not tied to one named host, and plain http gives no integrity
// protection for the JARs that receive AllPermission. Confirm that these
// resource JARs can only be served by this server itself.
grant codeBase "http://*/ejb/${ejbserver.serverName}/import/resjars/-" {
permission java.security.AllPermission;
};
// (6)
// Grant permissions to resource adapters
//
// This entry lists individual permissions instead of AllPermission and applies
// recursively ("/-") to the rarjars directory of this server.
// NOTE(review): several entries are very broad (all files with delete, any
// native library, suppressAccessChecks, class loader access). Together they
// leave little real confinement, so resource adapter archives deployed here
// should be treated as fully trusted code.
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/rarjars/-" {
// For Cosminexus TP1 Connector & TP1/Client/J
// Read and modify any system property.
permission java.util.PropertyPermission "*", "read, write";
// For Cosminexus TP1 Connector & TP1/Client/J & Cosminexus Reliable Messaging
// Read, write and delete any file; connect to, listen on and accept from any
// host and port.
permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
permission java.net.SocketPermission "*", "connect,listen,accept";
// For TP1/Message Queue - Access
// Load any native library.
permission java.lang.RuntimePermission "loadLibrary.*";
// For TP1/Message Queue - Access & Cosminexus Reliable Messaging
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "modifyThread";
// For DB Connector
// Lets reflection bypass Java language access checks (private members).
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// For authentication (from J2EE RI server.policy file)
// Read private credentials of any class belonging to any principal.
permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", "read";
// For Cosminexus Reliable Messaging
permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
// Read the HRMDIR environment variable only.
permission java.lang.RuntimePermission "getenv.HRMDIR";
// For Cosminexus SOA FTP Inbound Adapter
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};
// (7)
// Grant permissions to JSP/Servlet
//
// Applies recursively ("/-") to the web directory of this server.
// Narrower than the resource adapter grant: sockets are outbound only
// ("connect"), files may be read and written but not deleted, and system
// properties are read-only.
// NOTE(review): "loadLibrary.*" and read/write on <<ALL FILES>> are still
// broad for web application code; narrow them where the applications allow.
grant codeBase "file:${ejbserver.http.root}/web/${ejbserver.serverName}/-" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.net.SocketPermission "*", "connect";
permission java.io.FilePermission "<<ALL FILES>>", "read, write";
permission java.util.PropertyPermission "*", "read";
};
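// (8)
// Grant all permissions to Cosminexus Service Coordinator
// (class and JAR files directly in CSC/lib; "/*" is not recursive).
//
// The permission class must be spelled java.security.AllPermission. A name
// that does not match a real permission class cannot be resolved, and the
// grant entry would then give this code base nothing.
grant codeBase "file:${cosminexus.home}/CSC/lib/*" {
permission java.security.AllPermission;
};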
// (9)
//
// Default grant for everything else:
// Batch applications
// EJBs
// client implementation classes
//
// NOTE(review): the original comment described this as "minimal permissions",
// but the entry grants java.security.AllPermission. A grant without a codeBase
// applies to every code source, and policy grants are additive, so with this
// entry in place the narrower grants in this file restrict nothing.
// If batch applications are meant to be sandboxed, replace AllPermission here
// with the specific permissions they need.
grant {
permission java.security.AllPermission;
};
The examples of coding from (1) to (9) are as follows: