Replication and security

If you want to perform replication with the security manager enabled, you must modify the security policy file on both the master and slave systems to allow the master-slave network connection.

The section to be modified is the one following this line:

grant codeBase "${derby.install.url}derby.jar"

Add the following permission to the policy file on the master system:

permission "slaveHost:slavePort", "connect,resolve";

Add the following permissions to the policy file on the slave system:

permission "slaveHost", "accept,resolve";
permission "localhost:slavePort", "listen";

slaveHost and slavePort are the values you specify for the slaveHost=hostname and slavePort=portValue attributes, which are described in the Derby Reference Manual.

See "Configuring Java security" in the Derby Security Guide for details on the security policy file.

Depending on the security mode Derby is running under, the measures described in the following table are enforced when you specify the replication-related connection URL attributes.

Table 1. Replication behavior with Derby security
Security Mode Replication Attribute Requirements
No security Anyone may specify the replication attributes
Authentication is turned on Normal Derby connection policy: specify valid user=userName and password=userPassword attributes
Authorization is turned on The user=userName and password=userPassword attributes must be valid, and the user must be the owner of the replicated database
Related concepts
Starting and running replication
Stopping replication
Forcing a failover
Replication failure handling