J2SEのセキュリティポリシーファイル形式に従います。
バッチサーバを実行するJavaVMのセキュリティポリシーを指定します。
バッチサーバの稼働中に,このファイルの内容を変更した場合,変更した内容は次にバッチサーバを起動したときに反映されます。
使用されるポリシーファイルの内容を次に示します。
// (1)
// Grant all permissions to the java extensions
// The trailing "/-" matches every class file and JAR under lib/ext,
// including subdirectories. ${java.home} is expanded from the system
// property of that name when the policy is loaded.
grant codeBase "file:${java.home}/lib/ext/-" {
permission java.security.AllPermission;
};
// (2)
// Grant all permissions to the java tools, etc
// Note: java.home is the jre, not the installation dir for the jdk,
// so "${java.home}/../lib" is the lib directory one level above the JRE.
// The trailing "/*" matches class files and JARs directly in that
// directory only; it does not descend into subdirectories.
grant codeBase "file:${java.home}/../lib/*" {
permission java.security.AllPermission;
};
// (3)
// Grant all permissions to anything loaded from the
// EJB server itself
// Each entry below names one product library directory. "/*" covers the
// class files and JARs directly in that directory (not subdirectories).
// Because everything matched here runs with AllPermission, write access to
// these directories is equivalent to full control of the batch server JVM;
// keep them writable by administrators only.
grant codeBase "file:${ejbserver.install.root}/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${tpbroker.java.home}/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/DABJ/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/manager/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/exlib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/jaxp/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/CTM/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/PRF/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/wss/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/XMLSEC/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${ejbserver.install.root}/sfo/lib/*" {
permission java.security.AllPermission;
};
grant codeBase "file:${hntrlib.home}/classes/*" {
permission java.security.AllPermission;
};
// (4)
// Grant all permissions to the container generated stubs and
// implementation classes
// "/-" is recursive: everything under the per-server "containers" directory
// (selected by ${ejbserver.serverName}) is fully trusted.
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/containers/-" {
permission java.security.AllPermission;
};
// (5)
// Grant all permissions to imported resource (datasource)
// implementation classes
// NOTE(review): this is the only entry whose codeBase is an http:// URL, and
// its host part is "*". As written, code whose source location matches this
// path on any host would receive AllPermission, and a plain-HTTP location
// does not authenticate where the code came from. Confirm how the server
// actually loads resjars; if the entry is needed, restricting it with a
// signedBy clause or a specific host would narrow the trust.
grant codeBase "http://*/ejb/${ejbserver.serverName}/import/resjars/-" {
permission java.security.AllPermission;
};
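// (6)
// Grant permissions to resource adapters
//
// Applies recursively ("/-") to everything under the per-server "rarjars"
// directory. Unlike the entries above, this one lists individual permissions
// instead of AllPermission.
// NOTE(review): taken together (all-files read/write/delete, wildcard
// sockets, loadLibrary.*, suppressAccessChecks) these permissions are close
// to AllPermission in effect, so resource adapters deployed here should be
// treated as fully trusted code.
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/rarjars/-" {
// For Cosminexus TP1 Connector & TP1/Client/J
permission java.util.PropertyPermission "*", "read, write";
// For Cosminexus TP1 Connector & TP1/Client/J & Cosminexus Reliable Messaging
permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
permission java.net.SocketPermission "*", "connect,listen,accept";
// For TP1/Message Queue - Access
permission java.lang.RuntimePermission "loadLibrary.*";
// For TP1/Message Queue - Access & Cosminexus Reliable Messaging
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.lang.RuntimePermission "modifyThread";
// For DB Connector
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// For authentication (from J2EE RI server.policy file)
// The inner quotes of the target name are escaped with backslashes (\").
permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", "read";
// For Cosminexus Reliable Messaging
permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
permission java.lang.RuntimePermission "getenv.HRMDIR";
// For Cosminexus SOA FTP Inbound Adapter
permission java.lang.RuntimePermission "getClassLoader";
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "accessDeclaredMembers";
};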
// (7)
// Grant permissions to JSP/Servlet
//
// Applies recursively ("/-") to everything under the per-server "web"
// directory. Sockets are limited to outbound "connect" and properties to
// "read", but file access is read/write on <<ALL FILES>> and any native
// library may be loaded (loadLibrary.*).
// NOTE(review): web application code under this policy can still read and
// modify any file the server process can; rely on OS-level file permissions
// for the batch server account rather than on this entry for containment.
grant codeBase "file:${ejbserver.http.root}/web/${ejbserver.serverName}/-" {
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
permission java.net.SocketPermission "*", "connect";
permission java.io.FilePermission "<<ALL FILES>>", "read, write";
permission java.util.PropertyPermission "*", "read";
};
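// (8)
// Grant permissions to Cosminexus Service Coordinator
//
// The permission class is java.security.AllPermission, spelled as in every
// other entry of this file. A permission class name that cannot be resolved
// is not treated as AllPermission, so a misspelling here would leave this
// entry granting nothing.
grant codeBase "file:${cosminexus.home}/CSC/lib/*" {
permission java.security.AllPermission;
};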
// (9)
//
// Grant permissions to everything else:
// Batch applications
// EJBs
// client implementation classes
// This entry has no codeBase, so it applies to all code, and it grants
// AllPermission (not a minimal set). Policy grants are additive, so while
// this entry is present the narrower entries (6) and (7) do not restrict
// anything: every class in the batch server JVM runs fully privileged.
// NOTE(review): to actually confine batch applications, this entry would
// have to be replaced by an explicit permission list; how the product
// behaves under a tighter policy is not shown here, so test before changing.
grant {
permission java.security.AllPermission;
};
記述例の(1)~(9)について説明します。