5.4.2. Java Security Manager Policy File
To operate JBoss EAP 6.2 according to the requirements of the certification, you must install the Common Criteria-evaluated Java Security Manager policy to ensure applications running on the system have the correct access privileges.
Procedure 5.3. Install Common Criteria-evaluated Security Manager Policy
Create the Common Criteria-evaluated Policy File
Copy the following text into a text editor and save it in the EAP_HOME/bin/ directory. The suggested file name is jbosseap62.policy.

// Grant all to the jboss-modules.jar
grant codeBase "file:${jboss.home.dir}/jboss-modules.jar" {
    permission java.security.AllPermission;
};

// Standard extensions get all permissions by default
grant codeBase "file:${java.home}/lib/ext/*" {
    permission java.security.AllPermission;
};

Note
The CC-evaluated policy file may need additional permissions configured, such as permissions to database drivers. These permissions are site-specific.
Configure the Java Parameters
Add the following Java command line parameters to the JBoss EAP start-up configuration scripts (standalone.conf, domain.conf, standalone.conf.bat, domain.conf.bat):
- -Djava.security.manager
  Enables the security manager.
- -Djava.security.policy==/path/to/security.policy
  Specifies the path to the security policy file.
- -Djboss.home.dir=/path/to/JBOSS_EAP_HOME
  Defines the system property that is used in the policy file.
- -Djboss.modules.policy-permissions=true
  Enables deployment-level security permissions.
Example 5.1. standalone.conf
JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy==$JBOSS_HOME/bin/jbosseap62.policy -Djboss.home.dir=$JBOSS_HOME -Djboss.modules.policy-permissions=true"
Note
The JBOSS_HOME environment variable is not defined when domain.conf is processed. It can be used only in standalone.conf.
Configure the Java Security Manager to use the policy file
See Java Security Manager in the Security Guide.
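
The following check for the Configure the Java Parameters step is an added example, not part of the Red Hat guide. It audits a JAVA_OPTS string for the four listed options and flags a single = on java.security.policy, which adds the file to the JVM's default policies instead of replacing them as == does. The function name and the /opt/eap paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Red Hat code): audit a JAVA_OPTS string against the four
# options in the procedure. Prints one finding per line; returns 0 if none.
check_cc_java_opts() (
    manager=0 home=0 perms=0 policy=none findings=0
    set -f    # disable globbing while the option string is word-split
    for opt in $1; do
        case $opt in
            -Djava.security.manager)                 manager=1 ;;
            -Djava.security.policy==?*)              policy=exclusive ;;
            -Djava.security.policy=[!=]*)            policy=additive ;;
            -Djboss.home.dir=?*)                     home=1 ;;
            -Djboss.modules.policy-permissions=true) perms=1 ;;
        esac
    done
    report() { echo "$1"; findings=1; }
    [ "$manager" -eq 1 ] || report "missing -Djava.security.manager"
    case $policy in
        none)     report "missing -Djava.security.policy==<policy file>" ;;
        additive) report "-Djava.security.policy uses '=' (adds to the JVM default policies); the procedure uses '=='" ;;
    esac
    [ "$home" -eq 1 ] || report "missing -Djboss.home.dir (referenced by the policy file)"
    [ "$perms" -eq 1 ] || report "missing -Djboss.modules.policy-permissions=true"
    [ "$findings" -eq 0 ]
)

# Constructed sample: single '=' and no deployment-level permissions flag.
sample='-Xms1303m -Djava.security.manager -Djava.security.policy=/opt/eap/bin/jbosseap62.policy -Djboss.home.dir=/opt/eap'
check_cc_java_opts "$sample" || echo "JAVA_OPTS does not match the procedure"
```

Pass the function the fully expanded option string, for example the JAVA_OPTS value after standalone.conf has been sourced.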