How to enable a security manager on a single server and not on all servers launched by the host

Solution Verified - Updated 2017-06-23T15:42:09+00:00 -

Issue

We are experiencing poor performance with the security manager enabled. Our analysis points to the following classes as the bottleneck
We have an application where we have a host controller for multiple servers. We succeeded in enabling the security manager at the host controller level.
However, we noticed quite a performance hit with a security manager enabled and would like to be able to have it enable only on the server that requires it.
We tried the following but there was no improvement in performance
- uncommenting the line SECMGR="true"
- providing a different policy file to each server so that each one runs with its own policy:

        <server name="server-one" group="main-server-group">
            <jvm name="default">
              <jvm-options>
              <option value="-Djava.security.policy=/tmp/server1.policy"></option>
              </jvm-options>
           </jvm>

* tested setting using the single (=) and double equal (==) for java.security.policy but to no avail

Environment

Red Hat JBoss Enterprise Application Platform (EAP) 6.4.x, 7.0.x, 7.1.x
- Domain mode
- Security manager enabled

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories