users@glassfish.java.net

Re: Run Derby under the security manager

From: <forums_at_java.net>
Date: Thu, 20 Mar 2014 13:02:51 -0500 (CDT)

Hi,

Here is the policy file,

grant codeBase "file:/path/to/derby-10.10.1.1/lib/derby.jar" {
  //
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";
  // The next two properties are used to determine if the VM is 32 or 64
  // bit.
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "/path/to/derby-10.10.1.1","read";
  permission java.io.FilePermission "/path/to/derby-10.10.1.1/-", "read,write,delete";

  //
  // This permission lets a DBA reload the policy file while the server
  // is still running. The policy file is reloaded by invoking the
  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
  //
  permission java.security.SecurityPermission "getPolicy";

  //
  // This permission lets you backup and restore databases
  // to and from arbitrary locations in your file system.
  //
  // This permission also lets you import/export data to and from
  // arbitrary locations in your file system.
  //
  // You may want to restrict this access to specific directories.
  //
  permission java.io.FilePermission "/path/to/derby-10.10.1.1/backups/-", "read,write,delete";

  //
  // Permissions needed for JMX based management and monitoring, which is
  // only available for JVMs supporting "platform management", that is
  // Java SE 5.0 or better.
  //
  // Allows this code to create an MBeanServer:
  //
  permission javax.management.MBeanServerPermission "createMBeanServer";

  //
  // Allows access to Derby's built-in MBeans, within the domain
  // org.apache.derby.
  // Derby must be allowed to register and unregister these MBeans.
  // It is possible to allow access only to specific MBeans, attributes or
  // operations. To fine tune this permission, see the javadoc of
  // javax.management.MBeanPermission or the JMX Instrumentation and Agent
  // Specification.
  //
  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean";

  //
  // Trusts Derby code to be a source of MBeans and to register these in
  // the MBean server.
  //
  permission javax.management.MBeanTrustPermission "register";

  // getProtectionDomain is an optional permission needed for printing
  // classpath information to derby.log
  permission java.lang.RuntimePermission "getProtectionDomain";

  //
  // The following permission must be granted for
  // Connection.abort(Executor) to work. Note that this permission
  // must also be granted to outer (application) code domains.
  //
  permission java.sql.SQLPermission "callAbort";
};

grant codeBase "file:/path/to/derby-10.10.1.1/lib/derbynet.jar" {
  //
  // This permission lets the Network Server manage connections from
  // clients.
  //
  // Accept connections from any host. Derby is listening to the host
  // interface specified via the -h option to "NetworkServerControl
  // start" on the command line, via the address parameter to the
  // org.apache.derby.drda.NetworkServerControl constructor in the API
  // or via the property derby.drda.host; the default is localhost.
  // You may want to restrict allowed hosts, e.g. to hosts in a specific
  // subdomain, e.g. "*.example.com".
  permission java.net.SocketPermission "localhost:0-", "accept";

  //
  // Needed for server tracing.
  //
  // permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-",
  // "read,write,delete";

  //
  // JMX: Uncomment this permission to allow the ping operation of the
  // NetworkServerMBean to connect to the Network Server.
  //permission java.net.SocketPermission "*", "connect,resolve";

  //
  // Needed by sysinfo. The file permission is needed to
  // check the existence of jars on the classpath. You can
  // limit this permission to just the locations which hold
  // your jar files.
  //
  // In this template file, this block of permissions is granted
  // to derbynet.jar under the assumption that derbynet.jar is
  // the first jar file in your classpath which contains the
  // sysinfo classes. If that is not the case, then you will want
  // to grant this block of permissions to the first jar file
  // in your classpath which contains the sysinfo classes.
  // Those classes are bundled into the following Derby
  // jar files:
  //
  // derbynet.jar
  // derby.jar
  // derbyclient.jar
  // derbytools.jar
  //
  // permission java.util.PropertyPermission "user.*", "read";
  // permission java.util.PropertyPermission "java.home", "read";
  // permission java.util.PropertyPermission "java.class.path", "read";
  // permission java.util.PropertyPermission "java.runtime.version", "read";
  // permission java.util.PropertyPermission "java.fullversion", "read";
  // permission java.lang.RuntimePermission "getProtectionDomain";
  // permission java.io.FilePermission "<>", "read";
  // permission java.io.FilePermission "java.runtime.version", "read";
  // permission java.io.FilePermission "java.fullversion", "read";
};

and here is the complete error message,

Fri Mar 21 02:23:39 CET 2014 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
    at java.security.AccessController.checkPermission(AccessController.java:559)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.System.setProperty(System.java:783)
    at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
    at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

Thanks,
jose

--
[Message sent by forum member 'josealvarezdelara']
View Post: http://forums.java.net/node/901574
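
Added example, not part of the original post: a Python sketch that takes an "access denied" line like the one above and reports which grant blocks in a policy cover it, and which match the property name but lack the requested action. The policy text is a constructed, reduced copy of the posted one, and the wildcard matching follows BasicPermission-style naming only (an assumption that fits PropertyPermission, not every permission class).

```python
import re

# Constructed, reduced copy of the posted policy (property grants kept).
POLICY = '''
grant codeBase "file:/path/to/derby-10.10.1.1/lib/derby.jar" {
  // needed for everyday, embedded Derby usage
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";
};
grant codeBase "file:/path/to/derby-10.10.1.1/lib/derbynet.jar" {
  permission java.net.SocketPermission "localhost:0-", "accept";
  // permission java.util.PropertyPermission "user.*", "read";
};
'''
# Message text as it appears in the posted error.
DENIED = ('access denied ("java.util.PropertyPermission" '
          '"derby.__serverStartedFromCmdLine" "write")')

def actions(s):
    """Split an action list such as "read,write" into a set."""
    return {a.strip() for a in (s or "").split(",") if a.strip()}

def parse_policy(text):
    """Map codeBase -> [(class, target, actions)]; whole-line // comments dropped."""
    text = re.sub(r'(?m)^\s*//.*$', '', text)
    grants = {}
    for cb, body in re.findall(r'grant\s+codeBase\s+"([^"]+)"\s*\{(.*?)\}\s*;', text, re.S):
        perms = re.findall(r'permission\s+([\w.$]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;', body)
        grants[cb] = [(c, t, actions(a)) for c, t, a in perms]
    return grants

def name_matches(granted, wanted):
    """BasicPermission-style naming: exact, "*", or a trailing ".*" prefix."""
    return granted in (wanted, "*") or (
        granted.endswith(".*") and wanted.startswith(granted[:-1]))

def explain(policy_text, log_line):
    """Return code bases that grant the denied permission, and near misses."""
    cls, target, acts = re.search(
        r'access denied \("([^"]+)" "([^"]+)"(?: "([^"]+)")?\)', log_line).groups()
    want = actions(acts)
    result = {"granted_by": [], "name_only": []}
    for cb, perms in parse_policy(policy_text).items():
        hits = [a for c, t, a in perms if c == cls and name_matches(t, target)]
        if any(want <= a for a in hits):
            result["granted_by"].append(cb)
        elif hits:
            result["name_only"].append(cb)  # name matches, action missing
    return result
```

On the sample, `explain(POLICY, DENIED)` lists derby.jar under `name_only` (its `"derby.*"` grant is read-only) and nothing under `granted_by`; the frames in the posted stack trace belong to org.apache.derby.drda.NetworkServerControl, which ships in derbynet.jar.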