security manager using the appropriate command-line flags. The security policy file grants permissions to the application for its intended actions.
java -Djava.security.manager -Djava.security.policy=policyURL \
LocalJavaApp
The command-line flag can specify a custom security manager whose policies are enforced globally. Use the -Djava.security.manager flag, as follows:
java -Djava.security.manager=my.security.CustomManager ...
If the current security policy enforced by the current security manager forbids replacements (by omitting the RuntimePermission("setSecurityManager")), any attempt to invoke setSecurityManager() will throw a SecurityException.
The default security policy file java.policy—found in the /path/to/java.home/lib/security directory on UNIX-like systems and its equivalent on Microsoft Windows systems—grants a few permissions (reading system properties, binding to unprivileged ports, and so forth). A user-specific policy file may also be located in the user's home directory. The union of these policy files specifies the permissions granted to a program. The java.security file can specify which policy files are used. If either of the system-wide java.policy or java.security files is deleted, no permissions are granted to the executing Java program.
Compliant Solution (Custom Policy File)
Use double equals (==) instead of the single equals (=) when overriding the global Java security policy file with a custom policy file:
java -Djava.security.manager \
-Djava.security.policy==policyURL \
LocalJavaApp
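To confirm which form of the flag is in effect, the following probe reports what the active policy actually grants. It is an added example, not code from the original text; the class name PolicyProbe and the choice of probed permissions are assumptions, and it assumes a JDK on which the Security Manager is still available (it has been deprecated for removal since Java 17).

```java
import java.security.Permission;
import java.util.PropertyPermission;

// Added example (hypothetical class name): shows whether the default
// java.policy is still being merged with a custom policy file.
public class PolicyProbe {

    // Ask the installed security manager about one permission without
    // letting a denial terminate the program.
    static String check(SecurityManager sm, Permission p) {
        try {
            sm.checkPermission(p);
            return "granted";
        } catch (SecurityException e) {
            return "denied";
        }
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            // Started without -Djava.security.manager: no policy is enforced.
            System.out.println("No security manager installed");
            return;
        }
        Permission[] probes = {
            // A system property the stock java.policy normally lets any code read.
            new PropertyPermission("os.name", "read"),
            // Not part of the stock grants; appears only if some policy file adds it.
            new PropertyPermission("user.home", "read"),
            // Decides whether setSecurityManager() throws SecurityException.
            new RuntimePermission("setSecurityManager"),
        };
        for (Permission p : probes) {
            System.out.println(check(sm, p) + "  " + p);
        }
    }
}
```

Run it with a custom policy file that grants none of the probed permissions: with -Djava.security.policy=policyURL the os.name read is still granted because the default and user policy files are merged in, whereas with -Djava.security.policy==policyURL all three probes are denied.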
Compliant Solution (Additional Policy Files)
The appletviewer automatically installs a security manager with the standard policy file. To specify additional policy files, use the -J flag.