Red Hat Training

A Red Hat training course is available for JBoss Enterprise Application Platform Common Criteria Certification

2.5.5. Java Security Manager Policy File

To operate JBoss Enterprise Application Platform according to the requirements of the certification, you must do the following to ensure applications running on the system have the correct access privileges:
  • Install the jbossas-security-policy-cc package.
  • Configure the Java Security Manager to use the policy file.
Correctly installing the jbossas-security-policy-cc package is covered as part of the installation procedures in Chapter 3, Downloading and Verifying the Packages. The jbossas-security-policy-cc package provides the security_cc.policy file, which is installed in the JBOSS_HOME/bin/ directory.
The security manager policy file for the common criteria evaluated configuration can require additions of permissions that are needed for database drivers to function for user applications. The system administrator can assign permissions to the database drivers that are needed by user applications. It is recommended that the most restrictive permissions are added
You must define security access permissions for the database
For security reasons, you must manually specify the policy file in the run.conf (Linux) or run.conf.bat (Windows) file. For complete instructions on configuring the JSM to use the security_cc.policy, refer to the Using the Security Manager section in the Security Guide.