6.3. Write a Java Security Manager Policy
An application called policytool is included with most JDK and JRE distributions, for the purpose of creating and editing Java Security Manager security policies. Detailed information about policytool is linked from http://docs.oracle.com/javase/6/docs/technotes/tools/.
A security policy's entry consists of the following configuration elements:
- The URL location (excluding the host and domain information) where the code originates from. This parameter is optional.
- The alias used in the keystore to reference the signer whose private key was used to sign the code. This can be a single value or a comma-separated list of values. This parameter is optional. If omitted, presence or lack of a signature has no impact on the Java Security Manager.
- A list of principal_name pairs, which must be present within the executing thread's principal set. The Principals entry is optional. If it is omitted, it signifies "any principals".
- A permission is the access which is granted to the code. Many permissions are provided as part of the Java Enterprise Edition 6 (Java EE 6) specification. This document only covers additional permissions which are provided by JBoss EAP 6.
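In a policy file, these four elements appear as the codeBase, signedBy, principal and permission clauses of a grant entry. The following is an added example, not part of the original documentation: it parses a constructed sample policy into those elements and flags an entry that grants java.security.AllPermission while omitting all three optional constraints. The alias, paths and principal name in the sample are placeholders.

```python
import re

# Constructed sample policy (not from the page); alias, paths and principal are placeholders.
SAMPLE_POLICY = '''
// Scoped: code location, signer and principal are all constrained.
grant signedBy "appsigner", codeBase "file:${user.home}/example/app.jar",
      principal javax.security.auth.x500.X500Principal "cn=Alice" {
    permission java.io.FilePermission "/opt/example/data/-", "read";
    permission java.util.PropertyPermission "user.home", "read";
};
// Overbroad: no codeBase, signedBy or principal, so it applies to all code.
grant {
    permission java.security.AllPermission;
};
'''

QUOTED = r'"[^"]*"'
# Quoted strings are skipped as units so "${...}" inside them cannot end a clause.
GRANT_RE = re.compile(r'grant\b((?:%s|[^{"])*)\{((?:%s|[^}"])*)\}\s*;' % (QUOTED, QUOTED), re.I)
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*%s)*)'
                     r'(?:\s*,\s*signedBy\s+%s)?\s*;' % (QUOTED, QUOTED), re.I)

def parse_policy(text):
    """Return one dict per grant entry holding its four configuration elements."""
    # Drop // and /* */ comments, but keep quoted strings (URLs contain "//").
    text = re.sub(r'(%s)|//[^\n]*|/\*.*?\*/' % QUOTED, lambda m: m.group(1) or '', text, flags=re.S)
    entries = []
    for head, body in GRANT_RE.findall(text):
        code_base = re.search(r'codeBase\s+"([^"]*)"', head, re.I)
        signed_by = re.search(r'signedBy\s+"([^"]*)"', head, re.I)
        entries.append({
            'codeBase': code_base.group(1) if code_base else None,
            'signedBy': [a.strip() for a in signed_by.group(1).split(',')] if signed_by else [],
            'principals': re.findall(r'principal\s+([\w.$]+)\s+"([^"]*)"', head, re.I),
            'permissions': [(cls, re.findall(r'"([^"]*)"', args))
                            for cls, args in PERM_RE.findall(body)],
        })
    return entries

def overbroad(entry):
    """True when AllPermission is granted with no codeBase, signer or principal limit."""
    unconstrained = not (entry['codeBase'] or entry['signedBy'] or entry['principals'])
    return unconstrained and any(cls == 'java.security.AllPermission'
                                 for cls, _ in entry['permissions'])

if __name__ == '__main__':
    for e in parse_policy(SAMPLE_POLICY):
        print('OVERBROAD' if overbroad(e) else 'ok', e)
```

Running the same check over a policy saved from policytool before deploying it shows which entries apply to all code regardless of origin or signer.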
Procedure 6.1. Set up a new Java Security Manager Policy
Start the policytool tool in one of the following ways.
Red Hat Enterprise Linux: From your GUI or a command prompt, run
Microsoft Windows Server: Run policytool.exe from your Start menu or from the bin\ of your Java installation. The location can vary.
Create a policy. To create a policy, select Add Policy Entry. Add the parameters you need, then click Done.
Edit an existing policy. Select the policy from the list of existing policies, and select the Edit Policy Entry button. Edit the parameters as needed.
Delete an existing policy. Select the policy from the list of existing policies, and select the Remove Policy Entry button.