|
Replication and security
If you want to perform replication with the security manager enabled, you
must modify the security policy file on both the master and slave systems to
allow the master-slave network connection. The section to be modified is the
one following this line:
grant codeBase "${derby.install.url}derby.jar"
Add the following permission to the policy file on the master system:
permission java.net.SocketPermission "slaveHost:slavePort", "connect,resolve";
Add the following permission to the policy file on the slave system:
permission java.net.SocketPermission "slaveHost", "accept,resolve";
slaveHost and slavePort are the values you specify for the
slaveHost=hostname and slavePort=portValue attributes, which are
described in the Derby Reference Manual.
See Basic Network Server security policy for
details on the security policy file.
Depending on the security mode Derby is running under, the
measures described in the following table are enforced when you specify the
replication-related connection URL attributes.
Table 1. Replication behavior with Derby security
| Security mode |
Replication attribute requirements |
| No security |
Anyone may specify the replication attributes |
| Authentication is turned on |
Normal Derby connection policy: specify
valid user=userName and password=userPassword attributes |
| Authorization is turned on |
The user=userName and password=userPassword
attributes must be valid, and the user must be the owner of the replicated
database |
|
