On Tuesday 06 November 2007 20:02:04 Vemund Ostgaard wrote: > Daniel Noll wrote: > > Hi all. > > > > Is there some way for the Derby server to allow custom code to determine > > whether a directory can be opened for a database? I read something about > > a policy file but that doesn't really suit our use case as the list of > > directories can be changed by the admin at runtime. > > I believe there is a system procedure that can be used to reload the > policy file in effect dynamically: SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY > > See here: > http://db.apache.org/derby/docs/dev/ref/rrefreloadpolicyproc.html > > Maybe that could be used whenever the admin wants to change what > directories are accessible?
That may work, assuming that generating policy files dynamically isn't too hard. I'll have to look into it. In terms of an ideal API, what I would rather have is a method in NetworkServerControl where I can pass in an implementation of some interface which receives a Principal and a File path (or a URL) and where I either return true/false or throw a SecurityException. Side-thought: I've noticed there is a Policy.setPolicy(Policy) method in the JRE, makes me wonder if I can make an implementation of that and avoid needing to generate the file at all. It doesn't look too easy to subclass however. Daniel
