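Cosminexus Application Server V8 Reference, Definitions (Server Definitions)
The file follows the J2SE security policy file format.
It specifies the security policy of the JavaVM that runs the batch server.
If you change the contents of this file while the batch server is running, the changes take effect the next time the batch server is started.
The contents of the policy file that is used are shown below.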
// (1)
// Grant all permissions to the java extensions
grant codeBase "file:${java.home}/lib/ext/-" {
  permission java.security.AllPermission;
};

// (2)
// Grant all permissions to the java tools, etc
// Note: java.home is the jre, not the installation dir for the jdk
grant codeBase "file:${java.home}/../lib/*" {
  permission java.security.AllPermission;
};

// (3)
// Grant all permissions to anything loaded from the
// EJB server itself
grant codeBase "file:${ejbserver.install.root}/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${tpbroker.java.home}/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/DABJ/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/manager/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/c4web/exlib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/jaxp/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/CTM/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/PRF/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/wss/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${cosminexus.home}/XMLSEC/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${ejbserver.install.root}/sfo/lib/*" {
  permission java.security.AllPermission;
};
grant codeBase "file:${hntrlib.home}/classes/*" {
  permission java.security.AllPermission;
};

// (4)
// Grant all permissions to the container generated stubs and
// implementation classes
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/containers/-" {
  permission java.security.AllPermission;
};

// (5)
// Grant all permissions to imported resource (datasource) implementations
// implementation classes
grant codeBase "http://*/ejb/${ejbserver.serverName}/import/resjars/-" {
  permission java.security.AllPermission;
};

// (6)
// Grant permissions to resource adapters
//
grant codeBase "file:${ejbserver.http.root}/ejb/${ejbserver.serverName}/rarjars/-" {
  // For Cosminexus TP1 Connector & TP1/Client/J
  permission java.util.PropertyPermission "*", "read, write";
  // For Cosminexus TP1 Connector & TP1/Client/J & Cosminexus Reliable Messaging
  permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
  permission java.net.SocketPermission "*", "connect,listen,accept";
  // For TP1/Message Queue - Access
  permission java.lang.RuntimePermission "loadLibrary.*";
  // For TP1/Message Queue - Access & Cosminexus Reliable Messaging
  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.lang.RuntimePermission "modifyThread";
  // For DB Connector
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  // For authentication (from J2EE RI server.policy file)
  permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", "read";
  // For Cosminexus Reliable Messaging
  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
  permission java.lang.RuntimePermission "getenv.HRMDIR";
  // For Cosminexus SOA FTP Inbound Adapter
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "setContextClassLoader";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
};

// (7)
// Grant permissions to JSP/Servlet
//
grant codeBase "file:${ejbserver.http.root}/web/${ejbserver.serverName}/-" {
  permission java.lang.RuntimePermission "loadLibrary.*";
  permission java.lang.RuntimePermission "queuePrintJob";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "modifyThreadGroup";
  permission java.net.SocketPermission "*", "connect";
  permission java.io.FilePermission "<<ALL FILES>>", "read, write";
  permission java.util.PropertyPermission "*", "read";
};

// (8)
// Grant permissions to Cosminexus Service Coordinator
//
grant codeBase "file:${cosminexus.home}/CSC/lib/*" {
  permission java.security.AllPermission;
};

// (9)
//
// Grant minimal permissions to everything else:
// Batch applications
// EJBs
// client implementation classes
grant {
  permission java.security.AllPermission;
};
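One way to audit a policy file laid out like the listing above, added here as an example and not part of the Hitachi manual or product: it parses the grant blocks and reports AllPermission granted to all code (as in item (9)) or to a non-file codeBase (as in item (5)), plus wildcard targets such as those in item (7). The function names, finding labels and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt shaped like items (5), (7) and (9) of the listing above.
SAMPLE_POLICY = r'''
// (5)
grant codeBase "http://*/ejb/${ejbserver.serverName}/import/resjars/-" {
  permission java.security.AllPermission;
};
// (7)
grant codeBase "file:${ejbserver.http.root}/web/${ejbserver.serverName}/-" {
  permission java.net.SocketPermission "*", "connect";
  permission java.io.FilePermission "<<ALL FILES>>", "read, write";
};
// (9)
grant {
  permission java.security.AllPermission;
};
'''

STR = r'"(?:\\.|[^"\\])*"'  # quoted string; may contain //, /*, { } or \"
TOKEN = re.compile(STR + r'|//[^\n]*|/\*.*?\*/', re.S)
GRANT = re.compile(r'\bgrant\b((?:[^{"]|' + STR + r')*)\{((?:[^}"]|' + STR + r')*)\}\s*;')
PERM = re.compile(r'\bpermission\s+([\w.$]+)((?:[^;"]|' + STR + r')*);')

def parse_policy(text):
    """Yield (codeBase or None, [(permission class, [quoted args])]) per grant."""
    # Drop comments but keep strings, so "http://*/..." is not cut at "//".
    text = TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)
    for head, body in GRANT.findall(text):
        cb = re.search(r'\bcodeBase\s+(' + STR + ')', head)
        perms = [(c, [a[1:-1] for a in re.findall(STR, args)]) for c, args in PERM.findall(body)]
        yield (cb.group(1)[1:-1] if cb else None, perms)

def audit(text):
    """Return (finding, detail) pairs for grants wider than least privilege."""
    findings = []
    for codebase, perms in parse_policy(text):
        for cls, args in perms:
            if cls == 'java.security.AllPermission':
                if codebase is None:  # grant { ... } applies to all code
                    findings.append(('ALL_PERMISSION_DEFAULT_GRANT', '<all code>'))
                elif not codebase.startswith('file:'):
                    findings.append(('ALL_PERMISSION_NON_FILE_CODEBASE', codebase))
            elif args and args[0] in ('*', '<<ALL FILES>>'):
                findings.append(('WILDCARD_TARGET', cls + ' ' + ', '.join(args)))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE_POLICY), sep='\n')
```

The parser covers only the `grant codeBase "..." { permission ...; };` form used in this file; `signedBy` and `principal` clauses are parsed past but not evaluated.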
Items (1) to (9) in the example are explained below.
All Rights Reserved. Copyright (C) 2008, 2011, Hitachi, Ltd.