7

I don't want to modify anything in my Java home directory; however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy file as the only policy file when I run java with the -Djava.security.manager option?

If I add a -Djava.security.policy=myPolicy.policy option, it uses my policy file in addition to the default policy file -- which is bad because it looks like all permissions granted in the default policy file are still granted.

math4tots

1 Answer

15

A Common Mistake with Java SecurityManager:

  • To run with SecurityManager and default Java security policy, which is $JAVA_HOME/jre/lib/security/java.policy:

    java -Djava.security.manager Main

  • To run with SecurityManager and only your custom security policy (ignoring default java security policy):

    java -Djava.security.manager -Djava.security.policy==security.policy Main

  • To run with SecurityManager and default java security policy first, then your custom security policy:

    java -Djava.security.manager -Djava.security.policy=security.policy Main

  • If you don't want a SecurityManager, then simply leave out java.security.policy to avoid any confusion.

esaj
  • Wow... I would not have expected that to work, so counterintuitive to use == as an enforcer. – TacB0sS Jan 22 '17 at 07:51
  • @TacB0sS I'm sure the Sun author who made this change didn't send it for code review :-D – asgs Aug 15 '18 at 20:27
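
To confirm which form of the option is actually in effect, the following added example (not code from the question or the answer) asks the installed SecurityManager about three property permissions and reports which ones the active policy grants. The class name `PolicyProbe` and the file name `probe.policy` are assumptions, the sample policy in the comment is constructed, and a JDK that still supports the Security Manager is assumed.

```java
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.PropertyPermission;

// Added example; PolicyProbe is a hypothetical class name.
//
// Constructed sample policy, saved as probe.policy (assumed file name):
//
//   grant {
//       permission java.util.PropertyPermission "user.home", "read";
//   };
//
// Launch with either form of the option from the answer:
//   java -Djava.security.manager -Djava.security.policy==probe.policy PolicyProbe
//   java -Djava.security.manager -Djava.security.policy=probe.policy  PolicyProbe
public class PolicyProbe {

    // Ask the SecurityManager about each probe permission and record the answer.
    static Map<String, Boolean> probe(SecurityManager sm) {
        Permission[] probes = {
            new PropertyPermission("java.version", "read"), // in the default java.policy
            new PropertyPermission("os.name", "read"),      // in the default java.policy
            new PropertyPermission("user.home", "read"),    // only in probe.policy
        };
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (Permission p : probes) {
            try {
                sm.checkPermission(p);          // throws if the policy does not grant p
                result.put(p.getName(), true);
            } catch (SecurityException e) {
                result.put(p.getName(), false);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            System.out.println("No SecurityManager installed; no policy is enforced.");
            return;
        }
        for (Map.Entry<String, Boolean> e : probe(sm).entrySet()) {
            System.out.println((e.getValue() ? "GRANTED " : "DENIED  ") + e.getKey());
        }
    }
}
```

Because only the default java.policy grants read access to `java.version` and `os.name`, those two probes are granted only when the default policy is still being loaded. Seeing them granted under your own policy file means the single `=` form is in effect and the default grants still apply.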