9.9.2. Run JBoss Enterprise Application Platform Within the Java Security Manager
To specify a Java Security Manager policy, you need to edit the Java options passed to the domain or server instance during the bootstrap process. For this reason, you cannot pass the parameters as options to the
standalone.shscripts. The following procedure guides you through the steps of configuring your instance to run within a Java Security Manager policy.
- Before you following this procedure, you need to write a security policy, using the
policytoolcommand which is included with your Java Development Kit (JDK). This procedure assumes that your policy is located at
- The domain or standalone server must be completely stopped before you edit any configuration files.
Perform the following procedure for each physical host or instance in your domain, if you have domain members spread across multiple systems.
Procedure 9.9. Task
Edit the configuration file.Open the configuration file for editing. This file is located in one of two places, depending on whether you use a managed domain or standalone server. This is not the executable file used to start the server or domain.
Add the Java options at the end of the file.Add the following line to a new line at the very end of the file. You can modify the
-Djava.security.policyvalue to specify the exact location of your security policy. It should go onto one line only, with no line break. You can modify the
-Djava.security.debugto log more or less information, by specifying the debug level. The most verbose is
JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djboss.home.dir=$PWD/.. -Djava.security.policy==$PWD/server.policy -Djava.security.debug=failure"
Start the domain or server.Start the domain or server as normal.