SQL/MX 3.2.1 Guide to Stored Procedures in Java (H06.26+, J06.15+)
grant codeBase "file:/usr/tandem/sqlmx/udr/mxlangman.jar" {
permission java.security.AllPermission;
};
If the SPJ policy file does not contain these permissions, all CALL statements fail and return errors
that describe a security-related problem with the SQL/MX language manager.
Permissions for the JDBC/MX Driver
If you plan to call SPJs that access a database (that is, JDBC/MX-based SPJs), you must grant these
permissions in the SPJ policy file for JDBC/MX product to operate properly:
grant codeBase
"file:/usr/tandem/jdbcMx/current/lib/jdbcMx.jar" {
permission java.security.AllPermission;
};
Specify the standard location (/usr/tandem/jdbcMx/current/lib/ jdbcMx.jar) or a
nonstandard location that you specify in the UDR extensions class path. For more information, see
Setting the JDBC/MX Location (page 42).
For more information about JDBC/MX, see the JDBC Driver for SQL/MX Programmer's Reference.
Permissions for the Java System and Extension Classes
Java system classes, such as Java core API classes, and standard extension packages are granted
permissions by the default, system-wide Java policy file, java.policy, not the SPJ policy file.
The Java core API classes in the NonStop Server for Java are always granted all permissions.
Extension packages in java-installation-directory/jre/lib/ext are typically granted
all permissions.
For information about java.policy, see the Java documentation.
Permissions for the SPJ Method
To allow an SPJ method, or any application class on which the SPJ method depends, to perform
a restricted operation when Java security is enabled in the SPJ environment, you must grant the
appropriate permissions to the codebase of that Java method. The codebase identifies the location
of the class or JAR file that contains the Java method. If you do not grant the appropriate permissions
in the SPJ policy file, the invoked SPJ does not behave as desired, or the CALL statement fails to
execute.
For example, suppose that you want to invoke an SPJ that consists of an SPJ method that reads
OSS files. If you rely on the default permissions in the SPJ policy file, mxlangman.policy, the
CALL statement that invokes the SPJ fails and returns an error because reading a file is a restricted
operation when Java security is enabled. To allow the SPJ method to read OSS files while Java
security is enabled, add this grant statement to the SPJ policy file:
grant codeBase "file:/usr/mydir/myJar.jar" {
permission java.io.FilePermission "/usr/ossfiles",
"read,write";
};
In the example, the SPJ method that reads the OSS files is packaged in a JAR file, myJar.jar,
within the /usr/mydir directory. To grant this permission to all the classes in the /usr/mydir
directory, including the JAR file, add this grant statement to the SPJ policy file:
grant codeBase "file:/usr/mydir/*" {
permission java.io.FilePermission "/usr/ossfiles",
"read,write";
};
For information about policy file syntax and Java security, see the Java documentation.
48 Getting Started