Configuring Java security

The Java security manager lets you reduce the damage that your application can do.

Using a security manager, the System Administrator can restrict how an application cooperates with other applications running in the same virtual machine (VM) or elsewhere on the same machine. When you run Derby under a security manager, you can restrict the following:

To take advantage of these powerful controls, first customize a copy of the Derby security policy template. You will find a template security policy in the Derby distribution at demo/templates/server.policy.

Basic security policy template shows this basic policy. It grants permissions to both the derby.jar and derbynet.jar codebases. To run Derby in embedded mode, you must grant permissions to derby.jar. To run the Derby Network Server, you must grant permissions to both derby.jar and derbynet.jar.

Sample customized Java security policy file shows a sample customized policy file.

To customize the file, make the following edits:

This manual does not describe the Java security manager in depth. For more information, see In particular, you may want to read the Security Architecture paper ( and the Default Policy Implementation and Policy File Syntax information (

Related concepts
Basic security configuration tasks
Configuring database encryption
Using signed jar files
Configuring SSL/TLS
Understanding identity in Derby
Configuring user authentication
Configuring user authorization
Restricting file permissions
Putting it all together