The CICS-supplied enterprise beans policy file, dfjejbpl.policy, is based on the security policy recommended in the Sun Microsystems Enterprise JavaBeans Specification, Version 1.1, which is available at http://www.javasoft.com/products/ejb. The sample policy file is shown in Figure 1.
In Java 2, the security policy is defined in terms of protection domains which map permissions to code sources. A protection domain contains a code source with a set of associated permissions.
Remember that if you want to use JDBC or SQLJ from enterprise beans, you need to amend the CICS-supplied enterprise beans policy file to grant permissions to the JDBC driver. The CICS® DB2® Guide tells you how to do this.
// permissions granted to CICS enterprise beans Container codesource protection
//domain
grant codeBase "file:usr/lpp/cicsts/cicsts31//-" {
permission java.security.AllPermission;
};
// default EJB 1.1 permissions granted to all protection domains
grant {
// allows anyone to initiate a print job request
permission java.lang.RuntimePermission "queuePrintJob";
// allows outbound connection on any TCP/IP ports
permission java.net.SocketPermission "*:0-65535", "connect";
// allows anyone to read properties
permission java.util.PropertyPermission "*", "read";
};