Java Reference
In-Depth Information
securitymanagerusingtheappropriatecommand-lineflags.Thesecuritypolicyfilegrants
permissions to the application for its intended actions.
Click here to view code image
java -Djava.security.manager -Djava.security.policy=policyURL \
LocalJavaApp
The command-line flag can specify a custom security manager whose policies are en-
forced globally. Use the -Djava.security.manager flag, as follows:
Click here to view code image
java -Djava.security.manager=my.security.CustomManager ...
If the current security policy enforced by the current security manager forbids replace-
ments (by omitting the RuntimePermission("setSecurityManager") ), any attempt to
invoke setSecurityManager() will throw a SecurityException .
The default security policy file java.policy —found in the /path/to/java.home/
lib/security directory on UNIX-like systems and its equivalent on Microsoft Windows
systems—grants a few permissions (reading system properties, binding to unprivileged
ports, and so forth). A user-specific policy file may also be located in the user's home
directory. The union of these policy files specifies the permissions granted to a program.
The java.security file can specify which policy files are used. If either of the system-
wide java.policy or java.security files is deleted, no permissions are granted to the
executing Java program.
Compliant Solution (Custom Policy File)
Use double equals ( == ) instead of the single equals ( = ) when overriding the global Java
security policy file with a custom policy file:
Click here to view code image
java -Djava.security.manager \
-Djava.security.policy==policyURL \
LocalJavaApp
Compliant Solution (Additional Policy Files)
The appletviewer automaticallyinstallsasecuritymanagerwiththestandardpolicyfile.
To specify additional policy files, use the -J flag.
Search WWH ::




Custom Search