When you run the luceneSupport tool under a Java Security Manager, the security policy must grant privileges to two jar files.
The following privileges must be granted to derbyoptionaltools.jar and to the core Lucene jar file:
//
// Permissions for the optional tools (derbyoptionaltools.jar)
//
grant codeBase "${derby.install.url}derbyoptionaltools.jar"
{
  permission java.util.PropertyPermission "derby.system.home", "read";
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
  // all databases under derby.system.home 
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE",
      "read,write,delete";
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
      "read,write,delete";
  permission java.io.FilePermission "${lucene.core.jar.file}", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
// Permissions for the Lucene plugin
grant codeBase "${lucene.core.jar.file.url}"
{
  // permissions for file access, write access only to sandbox:
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE",
      "read,write,delete";
  permission java.io.FilePermission
      "${derby.system.home}${/}${databaseName}${/}LUCENE${/}-",
      "read,write,delete";
  
  // Basic permissions needed for Lucene to work:
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};