I am sending this email to the Derby user list with the hope that I can save someone time and frustration when trying to run the Derby network server on Windows with the latest version of Java (currently 1.7.0_51). With the latest version of Java, it is no longer possible to use the batch file “startNetworkServer.bat” to start the network server. If you run derby under Linux or some variation of Unix, or if you are already familiar with how to use a server policy file with Derby, you can probably ignore this message. (Note to Derby developers: You might want to add some of the descriptions below to the appropriate pages in the Derby documentation, especially https://db.apache.org/derby/docs/10.4/adminguide/tadminnetservcustom.html.)
To run the Derby network server on Windows, you will need to download a copy of the server policy file 1010_server.policy from https://issues.apache.org/jira/browse/DERBY-6438 and edit it for your use or define appropriate system properties when starting the Derby network server. I will give an example for editing the file. When editing the file, replace “${derby.install.url}” with the full path name for the Derby jar files in the four sections that start with “grant codebase”. The syntax is a little tricky. For example, assume that derby has been installed in C:\Java\db-derby-10.10.1.1-bin. You use a “file:” specification, but you need to use forward slashes, not back slashes. Also, the file specification can contain zero, one, or three forward slashes, but not two. Thus, any of the following will work grant codeBase "file:C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" grant codeBase "file:/C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar" grant codeBase "file:///C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar <file:///C:\Java\db-derby-10.10.1.1-bin\lib\derby.jar> " but not grant codeBase "file://C:/Java/db-derby-10.10.1.1-bin/lib/derby.jar <file:///C:\Java\db-derby-10.10.1.1-bin\lib\derby.jar> " This is an important point since the sample files in the Derby Developer's Guide seem to imply that two slashes are acceptable – see http://db.apache.org/derby/docs/10.10/devguide/cdevcsecure871387.html. If you use two slashes in you file specification, you will get an error message similar to the following: Thu Jan 30 09:09:33 EST 2014 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine" "write") at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.System.setProperty(Unknown Source) at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at org.apache.derby.drda.NetworkServerControl.main(Unknown Source) at org.apache.derby.iapi.tools.run.main(Unknown Source) You also need to replace “${derby.security.port}” with the appropriate port number (e.g., 1527). Alternatively, you can define “${derby.security.port}” in your call to start the Derby network server, as in “-Dderby.security.port=1527”. Other policy file parameters can be handled similarly, but these are the most important ones, and these changes are the minimum needed to get the Derby network server started. I saved the policy file in my DERBY_HOME directory as simply server.policy, and I edited only the four “grant codebase” sections as described above. I can then start the Derby network server using a command similar to the following (which I placed in a batch file): start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy -jar %DERBY_HOME%\lib\derbyrun.jar server start Alternatively, if your class path contains the appropriate Derby jar files (which can ensure by running %DERBY_HOME%\bin\setNetworkServerCP.bat), you can start the Derby network server using the following: start java -Dderby.system.home=%DERBY_HOME% -Dderby.security.port=1527 -Djava.security.manager -Djava.security.policy=%DERBY_HOME%\server.policy org.apache.derby.drda.NetworkServerControl start I hope this helps. I wasted a lot of time before I figured out that the two forward slashes in the file specification was causing the problem. _________________________________________ John I. Moore, Jr. SoftMoore Consulting
