Running the luceneSupport tool with a security manager

When you run the luceneSupport tool under a Java Security Manager, the security policy must grant privileges to two jar files.

The following privileges must be granted to derbyoptionaltools.jar and to the core Lucene jar file:

//
// Permissions for the optional tools (derbyoptionaltools.jar)
//
grant codeBase "${derby.install.url}derbyoptionaltools.jar"
{
  permission java.util.PropertyPermission "derby.system.home", "read";
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";

  // all databases under derby.system.home 
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE",
      "read,write,delete";
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
      "read,write,delete";

  permission java.io.FilePermission "${lucene.core.jar.file}", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

// Permissions for the Lucene plugin
grant codeBase "${lucene.core.jar.file.url}"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE",
      "read,write,delete";
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
      "read,write,delete";
  
  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
Related reference
Creating an index
Updating an index
Querying an index
Dropping an index
Listing indexes