The following privileges must be granted to
derbyoptionaltools.jar and to the core Lucene jar file:
//
// Permissions for the optional tools (derbyoptionaltools.jar)
//
grant codeBase "${derby.install.url}derbyoptionaltools.jar"
{
permission java.util.PropertyPermission "derby.system.home", "read";
permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
// all databases under derby.system.home
permission java.io.FilePermission
"${derby.system.home}${/}${databaseName}${/}LUCENE",
"read,write,delete";
permission java.io.FilePermission
"${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
"read,write,delete";
permission java.io.FilePermission "${lucene.core.jar.file}", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
// Permissions for the Lucene plugin
grant codeBase "${lucene.core.jar.file.url}"
{
// permissions for file access, write access only to sandbox:
permission java.io.FilePermission
"${derby.system.home}${/}${databaseName}${/}LUCENE",
"read,write,delete";
permission java.io.FilePermission
"${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
"read,write,delete";
// Basic permissions needed for Lucene to work:
permission java.util.PropertyPermission "user.dir", "read";
permission java.util.PropertyPermission "sun.arch.data.model", "read";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};