Welcome to the jGuard's wiki » jGuard Documentation » Configure the java security manager

Configure the java security manager

Last modified by RaffaelloPelagalli on 2006/03/02 23:26

Configure the java security manager

jGuard can be executed with the java Security Manager enabled. This major java component, securize any java application run with the -Djava.security.manager argument at startup. j2ee application servers are java applications too but sometimes, wrap the securityManager in a specific configuration.

To launch the Tomcat Application Server with the -security argument enabled, launch the catalina shell(catalina.sh or catalina.bat, depending on your platform) with this argument (according to the tomcat Security Manager HOW-TO). on Unix:

$CATALINA_HOME/bin/catalina.sh start -security
on Windows:
%CATALINA_HOME%\bin\catalina start -security
Note that for webapp developers using the Eclipse IDE, a useful tomcat plugin from the Sysdeo company, permits launching or Tomcat from the IDE, with the SecurityManager; depending of your TomcatPlugin configuration. To support the SecurityManager, you MUST configure the default policy file provided by the jvm vendor. But, if the SecurityManager is not set, you don't need to configure your default Policy file. With the sun jvm, it is the java.policy file located under the same directory that the java.security file. In the sun settings into the java.policy file, you MUST NOT give the AllPermission permission.
=> in this case(default case), jGuard will always permit access, that is not the goal of the library!!! so, COMMENT (with //) this line on the empty grant entry:
// permission java.security.AllPermission;
jGuard requires some permissions to be declared in this file, and your application server too. An example of java.policy configuration is provided with this distribution.
Created by diabolo512 on 2006/02/09 14:46

jGuard team copyright 2004-2009