A Common Mistake with Java SecurityManager.

I've seen some Java application launcher scripts like this:

java -Djava.security.policy=security.policy Main

It works fine but the SecurityManager is not installed, despite the presence of java.security.policy system property. It is unclear whether the author intends to install a SecurityManager or not. The point is, Java security design allows the separation of enabling the SecurityManager and security requirements. Therefore,

  • To run with SecurityManager and default Java security policy, which is $JAVA_HOME/jre/lib/security/java.policy:

    java -Djava.security.manager Main

  • To run with SecurityManager and only your custom security policy (ignoring default java security policy):

    java -Djava.security.manager -Djava.security.policy==security.policy Main

  • To run with SecurityManager and default java security policy first, then your custom security policy:

    java -Djava.security.manager -Djava.security.policy=security.policy Main

  • If you don't want a SecurityManager, then simply leave out java.security.policy to avoid any confusion.


Anjan said...

hi there,

good brief.


Anna said...

Great and Useful Article.

Online Java Course

Java Online Training

Java Course Online

J2EE training

online J2EE training

Best Recommended books for Spring framework

Java Interview Questions

Java Training Institutes in Chennai

Java Training in Chennai

J2EE Training in Chennai

java j2ee training institutes in chennai

Unknown said...

Good information

Unknown said...

Critical information, but rarely implemented, thanks

jazz said...

Excellent and very cool idea and the subject at the top of magnificence and I am happy to this post..Interesting post! Thanks for writing it.What's wrong with this kind of post exactly? It follows your previous guideline for post length as well as clarity.
Cloud Computing Training in Chennai