 

Running Java Security Manager without the default java.policy file

I don't want to modify anything in my java home directory; however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy file as the only policy file when I run java with the -Djava.security.manager option?

If I add a -Djava.security.policy=myPolicy.policy option, it uses my policy file in addition to the default policy file -- which is bad because it looks like all permissions granted in the default policy file are still granted.

math4tots asked Jul 23 '12 20:07



1 Answer

A Common Mistake with Java SecurityManager:

  • To run with SecurityManager and default Java security policy, which is $JAVA_HOME/jre/lib/security/java.policy:

    java -Djava.security.manager Main

  • To run with SecurityManager and only your custom security policy (ignoring default java security policy):

    java -Djava.security.manager -Djava.security.policy==security.policy Main

  • To run with SecurityManager and default java security policy first, then your custom security policy:

    java -Djava.security.manager -Djava.security.policy=security.policy Main

  • If you don't want a SecurityManager, then simply leave out java.security.policy to avoid any confusion.

esaj answered Nov 11 '22 09:11
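To confirm which form is actually in effect, the following probe (an added example, not part of the original answer) asks the installed SecurityManager about a few permissions and reports whether grants from the default policy are still active. The class name PolicyProbe, the policy contents and the choice of probed properties are assumptions made for illustration, and it needs a JDK that still supports the Security Manager (deprecated for removal since Java 17).

```java
// PolicyProbe.java: added example, not code from the original answer.
// Constructed policy file security.policy (file name as used in the answer):
//   grant { permission java.util.PropertyPermission "user.dir", "read"; };
// Run it both ways and compare the reports:
//   java -Djava.security.manager -Djava.security.policy==security.policy PolicyProbe
//   java -Djava.security.manager -Djava.security.policy=security.policy PolicyProbe
// Assumption: the JDK's stock java.policy grants all code read access to
// os.name and java.version; adjust the probes if your default file differs.
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

public class PolicyProbe {
    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // Without -Djava.security.manager no policy is enforced at all.
            System.err.println("No SecurityManager installed; nothing is enforced.");
            System.exit(2);
        }

        // Label -> permission to test. Insertion order is kept for readable output.
        Map<String, Permission> probes = new LinkedHashMap<>();
        probes.put("custom policy : read user.dir",
                new PropertyPermission("user.dir", "read"));
        probes.put("default policy: read os.name",
                new PropertyPermission("os.name", "read"));
        probes.put("default policy: read java.version",
                new PropertyPermission("java.version", "read"));
        probes.put("neither policy: read user.home",
                new PropertyPermission("user.home", "read"));

        for (Map.Entry<String, Permission> probe : probes.entrySet()) {
            String verdict;
            try {
                // Throws SecurityException if the effective policy denies it.
                sm.checkPermission(probe.getValue());
                verdict = "GRANTED";
            } catch (SecurityException denied) {
                verdict = "DENIED";
            }
            System.out.println(verdict + "  " + probe.getKey());
        }
    }
}
```

If the "default policy" rows are reported as granted, the default java.policy is still being merged with the custom file.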