Running the luceneSupport tool with a security manager When you run the luceneSupport tool under a Java Security Manager, the security policy must grant privileges to two jar files. luceneSupport optional toolrunning with a security manager

The following privileges must be granted to derbyoptionaltools.jar and to the core Lucene jar file:

// // Permissions for the optional tools (derbyoptionaltools.jar) // grant codeBase "${derby.install.url}derbyoptionaltools.jar" { permission java.util.PropertyPermission "derby.system.home", "read"; permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals"; // all databases under derby.system.home permission java.io.FilePermission "${derby.system.home}${/}${databaseName}${/}LUCENE", "read,write,delete"; permission java.io.FilePermission "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-", "read,write,delete"; permission java.io.FilePermission "${lucene.core.jar.file}", "read"; permission java.util.PropertyPermission "user.dir", "read"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; // Permissions for the Lucene plugin grant codeBase "${lucene.core.jar.file.url}" { // permissions for file access, write access only to sandbox: permission java.io.FilePermission "${derby.system.home}${/}${databaseName}${/}LUCENE", "read,write,delete"; permission java.io.FilePermission "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-", "read,write,delete"; // Basic permissions needed for Lucene to work: permission java.util.PropertyPermission "user.dir", "read"; permission java.util.PropertyPermission "sun.arch.data.model", "read"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; };