Hi John, Thanks for the write-up!
I'm sorry you had to struggle through the url file: syntax - I did too, and updated DERBY-6438 with my findings. We should probably fix the documentation. Myrna On Thu, Jan 30, 2014 at 6:27 AM, John I. Moore, Jr. <softmo...@att.net>wrote: > I am sending this email to the Derby user list with the hope that I can > save someone time and frustration when trying to run the Derby network > server on Windows with the latest version of Java (currently 1.7.0_51). > With the latest version of Java, it is no longer possible to use the batch > file "startNetworkServer.bat" to start the network server. If you run > derby under Linux or some variation of Unix, or if you are already familiar > with how to use a server policy file with Derby, you can probably ignore > this message. (Note to Derby developers: You might want to add some of > the descriptions below to the appropriate pages in the Derby documentation, > especially > https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html > .) > > > > To run the Derby network server on Windows, you will need to download a > copy of the server policy file 1010_server.policy from > https://issues.apache.org/jira/browse/DERBY-6438 and edit it for your use > or define appropriate system properties when starting the Derby network > server. I will give an example for editing the file. > > > > When editing the file, replace "${derby.install.url}" with the full path > name for the Derby jar files in the four sections that start with "*grant > codebase*". The syntax is a little tricky. For example, assume that > derby has been installed in C:\Java\db-derby-10.10.1.1-bin. You use a " > file:" specification, but you need to use forward slashes, not back > slashes. Also, the file specification can contain zero, one, or three > forward slashes, but not two. Thus, any of the following will work > > grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > but not > > grant codeBase "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" > > > > This is an important point since the sample files in the Derby Developer's > Guide seem to imply that two slashes are acceptable - see > http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html. > If you use two slashes in you file specification, you will get an error > message similar to the following: > > > > Thu Jan 30 09:09:33 EST 2014 : access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") > > java.security.AccessControlException: access denied > ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") > > at java.security.AccessControlContext.checkPermission(Unknown > Source) > > at java.security.AccessController.checkPermission(Unknown Source) > > at java.lang.SecurityManager.checkPermission(Unknown Source) > > at java.lang.System.setProperty(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) > > at java.security.AccessController.doPrivileged(Native Method) > > at org.apache.derby.drda.NetworkServerControl.main(Unknown Source) > > at org.apache.derby.iapi.tools.run.main(Unknown Source) > > > > You also need to replace "${derby.security.port}" with the appropriate > port number (e.g., 1527). Alternatively, you can define " > ${derby.security.port}" in your call to start the Derby network server, > as in "-Dderby.security.port=1527". Other policy file parameters can be > handled similarly, but these are the most important ones, and these changes > are the minimum needed to get the Derby network server started. > > > > I saved the policy file in my DERBY_HOME directory as simply server.policy, > and I edited only the four "grant codebase" sections as described above. > I can then start the Derby network server using a command similar to the > following (which I placed in a batch file): > > start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 > -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy > -jar %DERBY_HOME%\lib\derbyrun.jar server start > > > > Alternatively, if your class path contains the appropriate Derby jar files > (which can ensure by running %DERBY_HOME%\bin\setNetworkServerCP.bat), > you can start the Derby network server using the following: > > start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 > -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy > org.apache.derby.drda.NetworkServerControl start > > > > I hope this helps. I wasted a lot of time before I figured out that the > two forward slashes in the file specification was causing the problem. > > > > _________________________________________ > > > > John I. Moore, Jr. > > SoftMoore Consulting > > >
