Oracle Cloud Infrastructure Documentation


This topic provides details on compatibility, advanced configurations, and add-ons for the Oracle Cloud Infrastructure Java SDK.

Security Manager Permissions

If your application needs to run inside the Java Security Manager, you must grant additional permissions by updating a policy file, or by specifying an additional or a different policy file at runtime.

The SDK requires the following permissions:

  • Required by Jersey:

    permission java.lang.RuntimePermission "getClassLoader";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.RuntimePermission "setFactory";
  • Required by the SDK to overwrite reserved headers:

    permission java.util.PropertyPermission "", "write";
  • Required by the SDK to open socket connections:

    permission "*", "connect";

To include another policy file, in addition to Java Runtime Environment's default policy file, launch the Java Virtual Machine with:


To replace the default policy file, launch the Java Virtual Machine with:



Use a single equals sign (=) when supplying an additional policy file. Use a double equals sign (==) only if you wish to replace the default policy file.

Java Virtual Machine TTL for DNS Name Lookups

The Java Virtual Machine (JVM) caches DNS responses from lookups for a set amount of time, called time-to-live (TTL). This ensures faster response time in code that requires frequent name resolution.

The JVM uses the networkaddress.cache.ttl property to specify the caching policy for DNS name lookups. The value is an integer that represents the number of seconds to cache the successful lookup. The default value for many JVMs, -1, indicates that the lookup should be cached forever.

Because resources in Oracle Cloud Infrastructure use DNS names that can change, we recommend that you change the the TTL value to 60 seconds. This ensures that the new IP address for the resource is returned on next DNS query. You can change this value globally or specifically for your application:

  • To set TTL globally for all applications using the JVM, add the following in the $JAVA_HOME/jre/lib/security/ file:

  • To set TTL only for your application, set the following in your application's initialization code:"networkaddress.cache.ttl" , "60");

Java 7 Setup

To use Java 7, you must have a version that supports TLS 1.2.

For more information, see:

Apache Connector Add-On

The oci-java-sdk-addons-apache is an optional add-on to the Java SDK that allows for configuring a client connection pool and an HTTP proxy. The add-on leverages the Jersey ApacheConnectorProvider instead of the SDK’s default HttpUrlConnectorProvider when making service calls.

Instruction for installing and configuring the Apache Connector add-on are available on GitHub in the Apache Connector Readme.

Using SLF4J for Logging

Logging in the SDK is done through SLF4J. SLF4J is a logging abstraction that allows the use of a user-supplied logging library (e.g., log4j). For more information, see the SLF4J manual.

The following is an example that enables basic logging to standard out. More advanced logging options can be configured by using the log4j binding.

  1. Download the SLF4J Simple binding jar: SLF4J Simple Binding
  2. Add the jar to your classpath (e.g., add it to the /third-party/lib directory of the SDK download)
  3. Add the following VM arg to enable debug level logging (by default, info level is used): -Dorg.slf4j.simpleLogger.defaultLogLevel=debug