Running Java Security Manager without the default java.policy file
https://stackoverflow.com/questions/11620354
-
22-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I don't want to modify anything in my java home directory, however, I am afraid that sometimes my default java.policy file may be too permissive. Is there a way for me to use a specified policy file as the only policy file when I run java with the -Djava.security.manager option?
If I add a -Djava.security.policy=myPolicy.policy option, it uses my policy file in addition to the default policy file -- which is bad because it looks like all permissions granted in the default policy file is still granted.
Solution
A Common Mistake with Java SecurityManager:
To run with SecurityManager and default Java security policy, which is $JAVA_HOME/jre/lib/security/java.policy:
java -Djava.security.manager MainTo run with SecurityManager and only your custom security policy (ignoring default java security policy):
java -Djava.security.manager -Djava.security.policy==security.policy MainTo run with SecurityManager and default java security policy first, then your custom security policy:
java -Djava.security.manager -Djava.security.policy=security.policy MainIf you don't want a SecurityManager, then simply leave out java.security.policy to avoid any confusion.
