Thanks for the reply.
I granted additional permissions to derbynet.jar:
but it did not work.
But I solved the security policy problem with the following changes.

I modified
 'grant codeBase "file:///C:\Apache\db-derby-10.8.2.2-bin-slave\lib\derbynet.jar" '
to
 'grant codeBase "file:///C:/Apache/db-derby-10.8.2.2-bin-slave/lib/derbynet.jar" '
and
before starting the slave server I set DERBY_HOME to the path where the slave database is installed:
setx DERBY_HOME C:\Apache\db-derby-10.8.2.2-bin-slave

Then the server started nicely and replication works properly.

Thanks a lot.

YongHwan ,Jung
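
An added example, not part of the original thread: a small Python check for the two things this message changed. It flags `grant codeBase` values that contain backslashes (a codeBase is a URL, so it takes forward slashes even on Windows) and lists code sources named in `-Djava.security.debug=access:failure` output that no grant covers. The function names are made up for this example, and the sample policy and log are abridged from the text quoted below.

```python
import re

GRANT_RE = re.compile(r'grant\s+codeBase\s+"([^"]*)"')
DENIED_RE = re.compile(r'^access: access denied \((\S+) (\S+)(?: (\S+))?\)')
DOMAIN_RE = re.compile(r'^access: domain that failed ProtectionDomain\s+\((\S+)')

# Sample input abridged from the policy and debug output quoted in this thread.
SAMPLE_POLICY = r'''
grant codeBase "file:///C:\Apache\db-derby-10.8.2.2-bin-slave\lib\derby.jar" { };
grant codeBase "file:///C:\Apache\db-derby-10.8.2.2-bin-slave\lib\derbynet.jar" { };
'''
SAMPLE_LOG = '''\
access: access denied (java.util.PropertyPermission derby.ui.codeset read)
access: domain that failed ProtectionDomain  (file:/C:/Apache/db-derby-10.8.2.2-bin/lib/derby.jar <no signer certificates>)
access: access denied (java.util.PropertyPermission derby.ui.locale read)
access: domain that failed ProtectionDomain  (file:/C:/Apache/db-derby-10.8.2.2-bin/lib/derby.jar <no signer certificates>)
access: access denied (java.util.PropertyPermission derby.system.home read)
access: access denied (java.io.FilePermission derby.log read)
'''

def normalize(url):
    """Map file:/C:/x and file:///C:/x to one form so they compare equal."""
    return re.sub(r'^file:/+', 'file:/', url)

def backslash_codebases(policy_text):
    """Return the codeBase values that contain a backslash."""
    return [cb for cb in GRANT_RE.findall(policy_text) if '\\' in cb]

def covers(codebase, domain):
    """True if a grant's codeBase applies to the given code source URL."""
    cb, dom = normalize(codebase), normalize(domain)
    if cb.endswith('/-'):   # the directory and everything below it
        return dom.startswith(cb[:-1])
    if cb.endswith('/*'):   # files directly inside the directory
        return dom.startswith(cb[:-1]) and '/' not in dom[len(cb) - 1:]
    return cb == dom

def denials(debug_log):
    """Pair each 'access denied' line with the failing domain, if one is logged."""
    out = []
    for line in debug_log.splitlines():
        denied = DENIED_RE.match(line)
        if denied:
            out.append({'perm': denied.group(1), 'target': denied.group(2),
                        'actions': denied.group(3), 'domain': None})
            continue
        dom = DOMAIN_RE.match(line)
        if dom and out and out[-1]['domain'] is None:
            out[-1]['domain'] = dom.group(1)
    return out

def ungranted_domains(policy_text, debug_log):
    """Failing code sources from the log that no grant codeBase covers."""
    grants = GRANT_RE.findall(policy_text)
    failing = {d['domain'] for d in denials(debug_log) if d['domain']}
    return sorted(d for d in failing if not any(covers(cb, d) for cb in grants))

if __name__ == '__main__':
    print('backslash codeBase:', backslash_codebases(SAMPLE_POLICY))
    fixed = SAMPLE_POLICY.replace('\\', '/')   # forward-slash form of the grants
    print('still ungranted:', ungranted_domains(fixed, SAMPLE_LOG))
```

On the sample input the forward-slash policy still leaves `db-derby-10.8.2.2-bin/lib/derby.jar` uncovered, because the logged code source is a different install directory from the `-bin-slave` one the grants name.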


2014-07-30 22:21 GMT+09:00 Rick Hillegas <rick.hillegas@oracle.com>:
Thanks for including your policy file and the stack trace. This appears to be a bug in Derby. I have filed https://issues.apache.org/jira/browse/DERBY-6680 to track this issue. Try granting the following additional permissions to derbynet.jar:

  permission java.util.PropertyPermission "derby.ui.codeset", "read";
  permission java.util.PropertyPermission "derby.ui.locale", "read";


Thanks for finding this bug,
-Rick


On 7/29/14 7:14 PM, 정용환 wrote:

Thanks for the reply.

It's my custom security policy:

grant codeBase "file:///C:\Apache\db-derby-10.8.2.2-bin-slave\lib\derby.jar"
{
//
// These permissions are needed for everyday, embedded Derby usage.
//
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
      "write";
  // The next two properties are used to determine if the VM is 32 or 64 bit.
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "C:\derby\slave","read";
  permission java.io.FilePermission "C:\derby\slave${/}-", "read,write,delete";

//
// This permission lets a DBA reload the policy file while the server
// is still running. The policy file is reloaded by invoking the
// SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
//
  permission java.security.SecurityPermission "getPolicy";
//
// This permission lets you backup and restore databases
// to and from arbitrary locations in your file system.
//
// This permission also lets you import/export data to and from
// arbitrary locations in your file system.
//
// You may want to restrict this access to specific directories.
//
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

//
// Permissions needed for JMX based management and monitoring, which is only
// available for JVMs supporting "platform management", that is J2SE 5.0 or better.
//
// Allows this code to create an MBeanServer:
//
  permission javax.management.MBeanServerPermission "createMBeanServer";
//
// Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
// Derby must be allowed to register and unregister these MBeans.
// It is possible to allow access only to specific MBeans, attributes or
// operations. To fine tune this permission, see the javadoc of
// javax.management.MBeanPermission or the JMX Instrumentation and Agent
// Specification.
//
  permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
//
// Trusts Derby code to be a source of MBeans and to register these in the MBean server.
//
  permission javax.management.MBeanTrustPermission "register";
  // getProtectionDomain is an optional permission needed for printing classpath
  // information to derby.log
  permission java.lang.RuntimePermission "getProtectionDomain";
  //
  // The following permission must be granted for Connection.abort(Executor) to work.
  // Note that this permission must also be granted to outer (application) code domains.
  //
  permission java.sql.SQLPermission "callAbort";
  permission java.net.SocketPermission "192.168.0.10:9001", "listen";


  //add to replicate
  permission java.net.SocketPermission "192.168.0.10", "accept,resolve";
};
grant codeBase "file:///C:\Apache\db-derby-10.8.2.2-bin-slave\lib\derbynet.jar"
{
//
// This permission lets the Network Server manage connections from clients.
//
// Accept connections from any host. Derby is listening to the host
// interface specified via the -h option to "NetworkServerControl
// start" on the command line, via the address parameter to the
// org.apache.derby.drda.NetworkServerControl constructor in the API
// or via the property derby.drda.host; the default is localhost.
// You may want to restrict allowed hosts, e.g. to hosts in a specific
// subdomain, e.g. "*.acme.com".

  permission java.net.SocketPermission "*", "accept";
//
// Needed for server tracing.
//
  permission java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete";
//
// JMX: Uncomment this permission to allow the ping operation of the
//      NetworkServerMBean to connect to the Network Server.
//permission java.net.SocketPermission "*", "connect,resolve";

//
// Needed by sysinfo. The file permission is needed to
// check the existence of jars on the classpath. You can
// limit this permission to just the locations which hold
// your jar files.
//
// In this template file, this block of permissions is granted
// to derbynet.jar under the assumption that derbynet.jar is
// the first jar file in your classpath which contains the
// sysinfo classes. If that is not the case, then you will want
// to grant this block of permissions to the first jar file
// in your classpath which contains the sysinfo classes.
// Those classes are bundled into the following Derby
// jar files:
//
//    derbynet.jar
//    derby.jar
//    derbyclient.jar
//    derbytools.jar
//
  permission java.util.PropertyPermission "user.*", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.class.path", "read";
  permission java.util.PropertyPermission "java.runtime.version", "read";
  permission java.util.PropertyPermission "java.fullversion", "read";
  permission java.lang.RuntimePermission "getProtectionDomain";
  permission java.io.FilePermission "<<ALL FILES>>", "read";
  permission java.io.FilePermission "java.runtime.version", "read";
  permission java.io.FilePermission "java.fullversion", "read";
};

And the following is the command executed in startNetworkServer.bat:

"%_JAVACMD%" -Djava.security.manager -Djava.security.policy=C:\Apache\db-derby-10.8.2.2-bin-slave\lib\igoServer.policy -Djava.security.debug=access:failure %DERBY_OPTS% -classpath "%LOCALCLASSPATH%" org.apache.derby.drda.NetworkServerControl start %DERBY_CMD_LINE_ARGS%


And there is no log in derby.log,
so I got the log with -Djava.security.debug=access:failure.

The following is a summary of the exception stack trace of the security exception:


access: access denied (java.util.PropertyPermission derby.ui.codeset read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:650)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.getEnvProperty(Unknown Source)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.init(Unknown Source)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.<init>(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.init(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
access: domain that failed ProtectionDomain  (file:/C:/Apache/db-derby-10.8.2.2-bin/lib/derby.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@19821f
<no principals>
 java.security.Permissions@1f7d134 (
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission \C:\Apache\db-derby-10.8.2.2-bin\lib\derby.jar read)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission exitVM)
)

access: access denied (java.util.PropertyPermission derby.ui.locale read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:650)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.getEnvProperty(Unknown Source)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.init(Unknown Source)
        at org.apache.derby.iapi.tools.i18n.LocalizedResource.<init>(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.init(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
access: domain that failed ProtectionDomain  (file:/C:/Apache/db-derby-10.8.2.2-bin/lib/derby.jar <no signer certificates>)
 sun.misc.Launcher$AppClassLoader@19821f
<no principals>
 java.security.Permissions@c7e553 (
 (java.util.PropertyPermission line.separator read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.io.FilePermission \C:\Apache\db-derby-10.8.2.2-bin\lib\derby.jar read)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.lang.RuntimePermission stopThread)
 (java.lang.RuntimePermission exitVM)
)
access: access denied (java.util.PropertyPermission derby.system.home read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:650)
        at org.apache.derby.impl.services.monitor.FileMonitor.PBinitialize(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.impl.services.monitor.FileMonitor.initialize(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.<init>(Unknown Source)
        at org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.getPropertyInfo(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
access: access denied (java.io.FilePermission derby.properties read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.File.exists(File.java:731)
        at org.apache.derby.impl.services.monitor.FileMonitor.PBapplicationPropertiesStream(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.impl.services.monitor.FileMonitor.applicationPropertiesStream(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.readApplicationProperties(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.<init>(Unknown Source)
        at org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.getPropertyInfo(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)
access: access denied (java.util.PropertyPermission derby.drda.logConnections read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)
        at java.lang.System.getProperty(System.java:650)
        at org.apache.derby.impl.services.monitor.FileMonitor.PBgetJVMProperty(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.impl.services.monitor.FileMonitor.getJVMProperty(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.iapi.services.property.PropertyUtil.getSystemProperty(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.getPropertyInfo(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.<init>(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

access: access denied (java.io.FilePermission derby.log read)
java.lang.Exception: Stack trace
        at java.lang.Thread.dumpStack(Thread.java:1206)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:313)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.File.exists(File.java:731)
        at org.apache.derby.impl.services.stream.SingleStream.PBmakeFileHPW(Unknown Source)
        at org.apache.derby.impl.services.stream.SingleStream.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.impl.services.stream.SingleStream.makeFileHPW(Unknown Source)
        at org.apache.derby.impl.services.stream.SingleStream.createDefaultStream(Unknown Source)
        at org.apache.derby.impl.services.stream.SingleStream.makeStream(Unknown Source)
        at org.apache.derby.impl.services.stream.SingleStream.boot(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.boot(Unknown Source)
        at org.apache.derby.impl.services.monitor.TopService.bootModule(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(Unknown Source)
        at org.apache.derby.iapi.services.monitor.Monitor.startSystemModule(Unknown Source)
        at org.apache.derby.impl.services.monitor.BaseMonitor.runWithState(Unknown Source)
        at org.apache.derby.impl.services.monitor.FileMonitor.<init>(Unknown Source)
        at org.apache.derby.iapi.services.monitor.Monitor.startMonitor(Unknown Source)
        at org.apache.derby.iapi.jdbc.JDBCBoot.boot(Unknown Source)
        at org.apache.derby.jdbc.EmbeddedDriver.boot(Unknown Source)
        at org.apache.derby.jdbc.EmbeddedDriver.<clinit>(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:169)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.startNetworkServer(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.blockingStart(Unknown Source)
        at org.apache.derby.impl.drda.NetworkServerControlImpl.executeWork(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)

Thank you

2014-07-29 21:48 GMT+09:00 Rick Hillegas <rick.hillegas@oracle.com>:


    Could you attach the security policy you are using as well as the
    derby.log file which shows the complete stack trace of the
    security exception?

    Thanks,
    -Rick


    On 7/28/14 10:03 PM, 정용환 wrote:



        Hello, I am a Derby user in Korea.

        I have a problem while trying to set up replication.

        I succeeded with replication in embedded mode
        and with replication in server mode with no security manager,

        but replication does not work in server mode with the security manager.

        The manual says:

        "If you want to perform replication with the security manager
        enabled, you must modify
         the security policy file on both the master and slave systems
        to allow the master-slave
        network connection."



        So I tried to modify the security policy file,
        following the "Customizing the Network Server's security policy"
        section,

        but when I start the server with

        C:\Apache\db-derby-10.8.2.2-bin-slave\bin\startNetworkServer.bat
        -h 192.168.0.10 -p 1530

        and the following is part of startNetworkServer.bat

        "%_JAVACMD%" -Djava.security.manager
        -Djava.security.policy=C:\Apache\db-derby-10.8.2.2-bin-slave\lib
        %DERBY_OPTS% -classpath "%LOCALCLASSPATH%"
        org.apache.derby.drda.NetworkServerControl start
        %DERBY_CMD_LINE_ARGS%

        cmd log
        "Thread[main,5,main] java.security.AccessControlException :
        access denied (java.io.FilePermission derby.log read)"

        Then the server starts,
        but when I connect to the db,
        an error message shows:
        "data volume is not enough , expected minimum volume is 6 byte but
        received volume is obyte. connect is end."

        Please give me a hint or solution to solve that problem.

        The OS is Windows 7.


        Thank you.