Running Java Security Manager without the default java.policy file

About

Asked 23/7, 2012 at 20:53 Answered 18/8, 2012 at 20:27

I don't want to modify anything in my java home directory, however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy file as the only policy file when I run java with the -Djava.security.manager option?

If I add a -Djava.security.policy=myPolicy.policy option, it uses my policy file in addition to the default policy file -- which is bad because it looks like all permissions granted in the default policy file is still granted.

Regelation answered 23/7, 2012 at 20:53 Comment(0)

A Common Mistake with Java SecurityManager:

To run with SecurityManager and default Java security policy, which is $JAVA_HOME/jre/lib/security/java.policy:

java -Djava.security.manager Main
To run with SecurityManager and only your custom security policy (ignoring default java security policy):

java -Djava.security.manager -Djava.security.policy==security.policy Main
To run with SecurityManager and default java security policy first, then your custom security policy:

java -Djava.security.manager -Djava.security.policy=security.policy Main
If you don't want a SecurityManager, then simply leave out java.security.policy to avoid any confusion.

Doriedorin answered 18/8, 2012 at 20:27 Comment(2)

Wow... I would have not expect that to work, so counter intuitive to use == as an enforcer. – Electrify 22/1, 2017 at 7:51

@Electrify I'm sure the Sun author who made this change didn't send it for code review :-D – Dill 15/8, 2018 at 20:27

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags