With the advent of Java 1.7.0_51, there are more restrictive security constraints on opening listener sockets than before. These cause Apache Derby's network server to fail to start with the exception
java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")
There are various workarounds at Unable to start derby database from Netbeans 7.4, discussing a variation of this, but each seems to involve hacking the JDK's java.policy file. Although I tend to agree with user230146's sentiment that "Oracle seems to be trying to protect us from ourselves in ways that would be more appropriate to naive users," I'm nevertheless quite wary of what black hat hackers can do. I believe that one should grant the minimal privileges to do the job, and no more.
More research led to another alternative, which, of course, isn't working (or I wouldn't be asking). At http://apache-database.10148.n7.nabble.com/Network-Server-Access-Permissions-and-Java-1-7-0-51-td136583.html, there is a recommendation that one include two additional properties on the command line invocation, one of which refers to a security file. At https://issues.apache.org/jira/browse/DERBY-6438 (cited therein) there is a link to download a sample security file.
I downloaded and modified the security file to explicitly specify the port, by including the statement (where 1527 is hard-coded in lieu of ${derby.security.port})
permission java.net.SocketPermission "localhost:1527", "listen";
and then attempted to start the server with the command
java -classpath "C:\Program Files\Apache-derby-10.5.3\lib\*" ^
-Dderby.system.home=%CD% ^
-Djava.security.manager ^
-Djava.security.policy=%CD%\derbynet.policy ^
org.apache.derby.drda.NetworkServerControl start
This, however, didn't effect any change whatsoever in the behavior.
Has anyone else used this recommendation successfully?
