If you run Derby on a relatively recent copy of Java, or on certain platforms, you may need to specify a server policy file.

Information about the Derby security policy is available in the Derby documentation, specifically in the Administration Guide at Basic Network Server security policy and at Customizing the Network Server's security policy.

Many portions of the Derby security policy must be edited to specify file: scheme URLs, which can be tricky do to on operating systems like Windows.

When editing the file, replace  ${derby.install.url}  with the full path name for the Derby jar files in the four sections that start with “grant codebase”. The syntax is a little tricky. For example, assume that derby has been installed in C:\Java\db-derby-10.10.1.1-bin. You use a “file:” specification, but you need to use forward slashes, not back slashes. Also, the file specification can contain zero, one, or three forward slashes, but not two.

The slashes in a file URL are explained in this Wikipedia entry:

Things to notice:

So, three slashes is OK: it means the host is omitted (default).

Zero and one slash would indicate that the "//host" part is omitted, cf the lenience allowed mentioned above.

Just a double slash followed by the file path (e.g. //C:/....), would be wrong, since "C:" is not a host name.

Thus, any of the following will work

but not

This is an important point since the sample files in the Derby Developer's Guide seem to imply that two slashes are acceptable.

While the file specifications appear to work with zero, one, or three slashes, based on the Wikipedia link above and this MSDN link, it appears that three slashes is the “proper” form for files on the localhost,which, I suspect, is the most common case.

If you use two slashes in you file specification, you will get an error message similar to the following:

You also need to replace  “${derby.security.port}”  with the appropriate port number (e.g., 1527). Alternatively, you can define  “${derby.security.port}”  in your call to start the Derby network server, as in  “-Dderby.security.port=1527” .

Other policy file parameters can be handled similarly, but these are the most important ones, and these changes are the minimum needed to get the Derby network server started.

Once your security policy has been edited, specify it when starting Derby by adding

to the  start java  command.

SecurityPolicyTips (last edited 2014-02-01 16:30:19 by 76)