Using a Java 2 security manager with a J2EE application client:

Using a Java 2 security manager with a J2EE application client

The launchClient command provides several parameters to control the use of a Java 2 security manager. By default the launchClient command does not enable nor run with a Java 2 security manager. To enable the Java 2 security manager, add the following parameter to your launchClient command:
-CCsecurityManager=enable
For example:
launchClient myear.ear -CCsecurityManager=enable
When the security manager is enabled, the launchClient uses by default the java.lang.SecurityManager class and the client.policy, which is configured to provide default permissions for a J2EE application clients and applets.
If your application receives a java.security.AccessControlException, add additional permissions to the client.policy file. For more information on adding additional permissions, see configuring client.policy files and AccessControlException.
One can override the default security manager class by specifying the -CCsecurityMgrClass parameter and the default policy file using the -CCsecurityMgrPolicy parameter. For more information, see launchClient tool.
If you invoke Java to start the launchClient class, it is recommended that you do not use the -Djava.security.manager parameter to enable the Java 2 security manager. Using this parameter causes the Java 2 security manager to be enabled prior to initialization of the J2EE application client runtime. The necessary permissions are not granted and your application may receive java.security.AccessControlExceptions .
When the J2EE application client runtime is initialized, the Enterprise Archive file that you specified is extracted to a random subdirectory in your users temporary directory location.
If the EAR file is a set of directories and subdirectories, then it is used in place and not expanded.The J2EE application client runtime sets the com.ibm.websphere.client.applicationclient.archivedir system property to the directory location of the EAR file. The client.policy file uses this system property to inform the security manager of the location of your application client codebase and to assign the configured permissions to that codebase. This occurs when the security manager is enabled. If the security manager is enabled at the time Java is started, then this system property is not set, the codebase is unknown, and the permissions can not be granted.
It is recommended that you enable the security manager with the J2EE application client runtime. Use the following parameter: -CCsecurityManager=enable .