Welcome to the jGuard's wiki » Welcome on your Wiki » General section » Configure the java security manager

Configure the java security manager

Last modified by RaffaelloPelagalli on 2005/09/29 18:11

Configure the java security manager

jGuard can be executed with the java Security Manager enabled. This major java component, securize any java application run with the -Djava.security.manager argument at startup. j2ee application servers are java applications too but sometimes, wrap the securityManager in a specific configuration.

With the tomcat application server, it is enabled with the -security argument, when you launch the catalina shell(catalina.sh or catalina.bat, depending on your platform) with this argument, according to the tomcat Security Manager HOW-TO. on unix:

$CATALINA_HOME/bin/catalina.sh start -security
on windows:
%CATALINA_HOME%\bin\catalina start -security
Note for webapp developers using the eclipse IDE,that a useful tomcat plugin from the Sysdeo company, permit to launch tomcat from the ide, with the securityManager; depending of your TomcatPlugin configuration. To support the SecurityManager, you MUST configure the default policy file provided by the jvm vendor. But, if the SecurityManager is not set, you don't need to configure your default Policy file. With the sun jvm, it is the java.policy file located under the same directory that the java.security file. In the sun settings into the java.policy file, you MUST NOT give the AllPermission permission.
=> in this case(default case), jGuard will always permit access, that is not the goal of the library!!! so, COMMENT (with //) this line on the empty grant entry:
// permission java.security.AllPermission;
jGuard require some permissions declared in this file, and your applications server too. an example of java.policy configuration is provided with this distribution.
Tags:
Created by diabolo512 on 2005/09/29 18:08

jGuard team copyright 2004-2009
3.1.1