This topic provides details on compatibility, advanced configurations, and add-ons for the Oracle Cloud Infrastructure SDK for Java.

Security Manager Permissions

If your application needs to run inside the Java Security Manager, you must grant additional permissions by updating a policy file, or by specifying an additional or a different policy file at runtime.

The SDK requires the following permissions:

  • Required by Jersey:

    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "setFactory";
  • Required by the SDK to overwrite reserved headers:

    permission java.util.PropertyPermission "", "write";
  • Required by the SDK to open socket connections:

    permission "*", "connect";

To include another policy file, in addition to Java Runtime Environment's default policy file, launch the Java Virtual Machine with:


To replace the default policy file, launch the Java Virtual Machine with:


Use a single equals sign (=) when supplying an additional policy file. Use a double equals sign (==) only if you wish to replace the default policy file.

Java Virtual Machine TTL for DNS Name Lookups

The Java Virtual Machine (JVM) caches DNS responses from lookups for a set amount of time, called time-to-live (TTL). This ensures faster response time in code that requires frequent name resolution.

The JVM uses the networkaddress.cache.ttl property to specify the caching policy for DNS name lookups. The value is an integer that represents the number of seconds to cache the successful lookup. The default value for many JVMs, -1, indicates that the lookup should be cached forever.

Because resources in Oracle Cloud Infrastructure use DNS names that can change, we recommend that you change the TTL value to 60 seconds. This ensures that the new IP address for the resource is returned on next DNS query. You can change this value globally or specifically for your application:

  • To set TTL globally for all applications using the JVM, add the following in the $JAVA_HOME/jre/lib/security/ file:

  • To set TTL only for your application, set the following in your application's initialization code:"networkaddress.cache.ttl" , "60");

Apache Connector Add-On

The oci-java-sdk-addons-apache is an optional add-on to the SDK for Java that allows for configuring a client connection pool and an HTTP proxy. The add-on leverages the Jersey ApacheConnectorProvider instead of the SDK’s default HttpUrlConnectorProvider when making service calls. The add-on can be found in the bmc-addons directory of the SDK.

For details on installation and configuration, see the Readme for the add-on.

Using BC-FIPS Instead of Bouncy Castle

If you need FIPS compliance, you must download and use a FIPS-certified version. The SDK supports bc-fips 1.0.2 and bcpkix-fips 1.0.3. You can download them at:

For help installing and configuring Bouncy Castle FIPS, see "BC FIPS Documentation" in the User Guides and Security Policy of the Bouncy Castle Documentation.

Self-Managed Dependencies

If you are managing dependencies yourself:

  1. Remove the non-FIPS Bouncy Castle jar files from the class path:
    1. bcprov-jdk15on-1.60.jar
    2. bcpkix-jdk15on-1.60.jar
  2. Add the FIPS Bouncy Castle jar files to the class path instead:
    1. bc-fips-1.0.2.jar
    2. bcpkix-fips-1.0.3.jar

Maven-Managed Dependencies

If you are using Maven to manage your dependencies:

  1. Add the correct versions of bc-fips and bcpkix-fips to your dependencies:
      . . .
      . . .
  2. Since you are depending on an oci-java-sdk* package, you need to remove the non-FIPS Bouncy Castle dependencies:
      . . .
        <version> . . . </version>
      . . .

Using Your Own JAX-RS Implementation

The SDK for Java is bundled with Jersey, but you can also use your own JAX-RS implementation.

RESTEasy Client Configurator Add-On

The oci-java-sdk-addons-resteasy-client-configurator is provided to demonstrate how to configure an alternate JAX-RS implementation. The add-on can be found in the bmc-addons directory of the SDK.

For details on installation and configuration, see the Readme for the add-on.

For code samples that demonstrate how to configure the client, see:

Using SLF4J for Logging

Logging in the SDK is done through SLF4J. SLF4J is a logging abstraction that allows the use of a user-supplied logging library (e.g., log4j). For more information, see the SLF4J manual.

The following is an example that enables basic logging to standard out. More advanced logging options can be configured by using the log4j binding.

  1. Download the SLF4J Simple binding jar: SLF4J Simple Binding
  2. Add the jar to your classpath (e.g., add it to the /third-party/lib directory of the SDK download)
  3. Add the following VM arg to enable debug level logging (by default, info level is used): -Dorg.slf4j.simpleLogger.defaultLogLevel=debug