SQL/MX 3.2.1 Guide to Stored Procedures in Java (H06.26+, J06.15+)

By using a policy file, you can configure the Java security manager so that specific Java classes
and methods can perform restricted operations, such as accessing a directory or network address.

Using UDR_JAVA_OPTIONS to Enable Java Security

By default, Java security is disabled in the SPJ environment of an SQL/MX UDR server process. To
enable Java security in the SPJ environment, use this UDR_JAVA_OPTIONS attribute value:
'-Djava.security.manager -Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy'
For example, set the UDR_JAVA_OPTIONS default attribute in a CONTROL QUERY DEFAULT
statement as:
CONTROL QUERY DEFAULT UDR_JAVA_OPTIONS
'-Djava.security.manager -Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy';
For other ways of setting the UDR_JAVA_OPTIONS default attribute, see Controlling JVM Startup
Options (page 36).
The UDR_JAVA_OPTIONS setting enables a Java security manager in the SPJ environment. The
Java security manager first loads the default, system-wide Java policy file,
java-installation-directory/jre/lib/security/java.policy, and then loads the
SPJ policy file specified by -Djava.security.policy. Java security remains enabled for the
duration of the SPJ environment until the SQL/MX UDR server process, which hosts the SPJ
environment, ends.
You should specify only one SPJ policy file in a UDR_JAVA_OPTIONS setting. Otherwise, the last
policy file listed takes effect. In this example, the mypolicy.policy file takes precedence over
the mxlangman.policy file:
CONTROL QUERY DEFAULT UDR_JAVA_OPTIONS
'-Djava.security.manager -Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy
-Djava.security.policy=/usr/myfiles/mypolicy.policy';
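
The following check is an added example, not part of the original guide or of SQL/MX. It audits a UDR_JAVA_OPTIONS value before it is applied and reports whether the security manager is enabled and which policy file takes effect. The function name audit_udr_java_options and the sample inputs are assumptions made for illustration, as is the premise that the options in the value are separated by whitespace.

```python
import re

def audit_udr_java_options(value):
    """Return (manager_enabled, effective_policy, findings) for one setting."""
    # Assumption: a line break right after "policy=" is only a wrap in the
    # printed manual, so the path on the next line is rejoined to its option.
    text = re.sub(r"(-Djava\.security\.policy=)\s+", r"\1", value.strip().strip("'"))
    manager_enabled, policies, findings = False, [], []
    for tok in text.split():  # assumption: options are separated by whitespace
        if tok == "-Djava.security.manager":
            manager_enabled = True
        elif tok.startswith("-Djava.security.manager-D"):
            # Space lost between the two options: this is one -D token, so it
            # sets neither java.security.manager nor java.security.policy.
            findings.append("options run together: " + tok)
        elif tok.startswith("-Djava.security.policy="):
            policies.append(tok.split("=", 1)[1])
    if not manager_enabled:
        findings.append("Java security manager is not enabled")
    if len(policies) > 1:
        findings.append("multiple policy files, ignored: " + ", ".join(policies[:-1]))
    effective = policies[-1] if policies else None
    if manager_enabled and effective is None:
        findings.append("no SPJ policy file specified")
    return manager_enabled, effective, findings

# Constructed inputs: the first two copy the settings shown above, the third
# drops the space between the two options.
SINGLE = """'-Djava.security.manager -Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy'"""
DOUBLE = """'-Djava.security.manager -Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy
-Djava.security.policy=/usr/myfiles/mypolicy.policy'"""
RUN_TOGETHER = """'-Djava.security.manager-Djava.security.policy=
/usr/tandem/sqlmx/udr/mxlangman.policy'"""

if __name__ == "__main__":
    for name, value in (("SINGLE", SINGLE), ("DOUBLE", DOUBLE),
                        ("RUN_TOGETHER", RUN_TOGETHER)):
        enabled, policy, findings = audit_udr_java_options(value)
        print(name, "manager:", enabled, "policy:", policy)
        for finding in findings:
            print("  -", finding)
```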

SPJ Policy File and Required Permissions

The default SPJ policy file, mxlangman.policy in the /usr/tandem/sqlmx/udr directory,
contains these permissions:
grant codeBase "file:/usr/tandem/sqlmx/udr/mxlangman.jar" {
    permission java.security.AllPermission;
};
grant codeBase "file:/usr/tandem/jdbcMx/current/lib/jdbcMx.jar" {
    permission java.security.AllPermission;
};
You can use the default SPJ policy file, mxlangman.policy, as is, reconfigure it, or use your
own policy file. The policy file that you specify must contain certain permissions for SPJs to operate
properly in the SPJ environment. Details are discussed next.

Permissions for the SQL/MX Language Manager

The SQL/MX language manager is a key component because it loads, invokes, and unloads SPJs
in an SQL/MX UDR server process. The mxlangman.jar file contains Java bytecode that
implements part of the SQL/MX language manager.
You must grant these permissions in the SPJ policy file for the SQL/MX language manager to
operate properly: