JPOX
JPOX
 Project  |  Ver 1.1  |  Ver 1.2  |  JDO  |  JPA  |  Guides  |  Tools
1.2 | Persistence | JDO ORM | JPA ORM | Runtime | JDO Runtime | JPA Runtime | Extensions | Developer
JPOX Runtime
RDBMS Datastores
DB4O Datastore
Java Security Manager

The Java Security Manager can be used with JPOX to provide a security platform to sensitive applications.

To use the Security Manager, specify the java.security.manager and java.security.policy arguments when starting the JVM. e.g. 

java -Djava.security.manager -Djava.security.policy==/etc/apps/security/security.policy ...

Note that when you use -Djava.security.policy==... (double equals sign) you override the default JVM security policy files, while if you use -Djava.security.policy=... (single equals sign), you append the security policy file to any existing ones.

The following is a sample security policy file to be used with JPOX. 


grant codeBase "file:${/}jdo2-api-2.0.jar" {

    //jdo API needs datetime (timezone class needs the following)
    permission java.util.PropertyPermission "user.country", "read";
    permission java.util.PropertyPermission "user.variant", "read";
    permission java.util.PropertyPermission "user.timezone", "read,write";
    permission java.util.PropertyPermission "java.home", "read";
};
grant codeBase "file:${/}jpox*.jar" {

     //jdo
    permission javax.jdo.spi.JDOPermission "getMetadata";
    permission javax.jdo.spi.JDOPermission "setStateManager";
	
    //JPOX needs to get classloader of classes
    permission java.lang.RuntimePermission "getClassLoader";
	
    //JPOX needs to detect the java and os version
    permission java.util.PropertyPermission "java.version", "read";
    permission java.util.PropertyPermission "os.name", "read";

    //JPOX reads these system properties
    permission java.util.PropertyPermission "org.jpox.*", "read";	
    permission java.util.PropertyPermission "javax.jdo.*", "read";	
	
    //JPOX runtime enhancement (needs read access to all jars/classes in classpath, so use <<ALL FILES>> to facilitate config)
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.io.FilePermission "<<ALL FILES>>", "read";
	
    //JPOX needs to read manifest files (read permission to location of MANIFEST.MF files) 
    permission java.io.FilePermission "${user.dir}${/}-", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read";
	
    //JPOX uses reflection!!!
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessDeclaredMembers";	    
};