Configuring Java security

The Java security manager lets you reduce the damage that your application can do.

Using a security manager, the System Administrator can restrict how an application cooperates with other applications running in the same virtual machine (VM) or elsewhere on the same machine. When you run Derby under a security manager, you can restrict the following:

To take advantage of these powerful controls, first customize one of the template security policies documented here. You can find these template security policies in the Derby distribution in the demo/templates directory. Choose the policy which corresponds to the Derby configuration which you are running:

To customize these files, make the following edits:

This manual does not describe the Java security manager in depth. For more information, see In particular, you may want to read the Security Architecture paper ( and the Default Policy Implementation and Policy File Syntax information (

Related concepts
Basic security configuration tasks
Configuring database encryption
Using signed jar files
Configuring SSL/TLS
Understanding identity in Derby
Configuring user authentication
Configuring user authorization
Restricting file permissions
Putting it all together