Using signed jar files

In a Java SE environment, Derby can detect digital signatures on jar files. When attempting to load a class from a signed jar file stored in the database, Derby will verify the validity of the signature.

Note: The Derby class loader only validates the integrity of the signed jar file and verifies that the certificate has not expired. Derby cannot ascertain whether the validity or identity of declared signer is correct. To validate identity, use a Security Manager (that is, an implementation of java.lang.SecurityManager). For details, see Configuring Java security.

When loading classes from an application jar file in a Java SE environment, Derby behaves as follows if the class is signed:

For more information about signed jar files, see http://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html.

Related concepts
Basic security configuration tasks
Configuring database encryption
Configuring SSL/TLS
Understanding identity in Derby
Configuring user authentication
Configuring user authorization
Configuring Java security
Restricting file permissions
Putting it all together