I am implementing the Google Drive API using the java jars. I started with the sample DriveCommandLine.java found here: https://developers.google.com/drive/quickstart-java . The XPage throws the following: Error while calling java constructor ... (java.lang.reflect.InvocationTargetException). not allowed to access members in class class java.util.AbstractMap

I understand that the Google java code uses reflection, which is not allowed by the default Lotus Domino java.policy file. I tested changing the default permission to: permission java.security.AllPermission;

which solved the security issue.

My concern is now, not to leave the java.policy file with an open default permission. I was not able to find the documentation for the java.policy specs... Is there a way to narrow this permission to the specific code which needs it?

Thanks for your help

Please try

grant {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

This should allow the reflection for your java classes.

Alternativly you can restrict the policy settings for a single database only:

grant codeBase "xspnsf://server:0/path/to/your/db.nsf/-" {
    permission java.security.AllPermission;
};

In this setting you have to change the path to your database (by replacing the /path/to/your/db.nsf/ only, not the server:0).

Instead of giving all permissions to the single database, you can restrict it to the ReflectPermission too.