Use a Java 2 security manager with a J2EE application client


The launchClient command provides several parameters to control the Java 2 security manager. To enable the Java 2 security manager:


For example

launchClient AppName.ear -CCsecurityManager=enable

By default, launchClient uses the java.lang.SecurityManager class and the $WAS_HOME/properties/client.policy policy file. If you get exceptions, add additional permissions to client.policy.

Override the default security manager class by specifying the -CCsecurityMgrClass parameter and the default policy file using the -CCsecurityMgrPolicy parameter.

If you invoke Java code to start the launchClient class, it is recommended that you do not use the parameter to enable the Java 2 security manager. Using this parameter causes the Java 2 security manager to be enabled prior to initialization of the J2EE application client run-time environment. The necessary permissions are not granted and your application might receive the exception.

When the J2EE application client run time is initialized, the EAR file that you specified is extracted to a random subdirectory in your users temporary directory location.

If the EAR file is a set of directories and subdirectories, then it is used in place and not expanded.The J2EE application client run time sets the...
...system property to the directory location of the EAR file. The client.policy file uses this system property to inform the security manager of the location of your application client code base and to assign the configured permissions to that code base. This activity occurs when the security manager is enabled. If the security manager is enabled at the time the Java code is started, then this system property is not set, the code base is unknown, and the permissions are not granted.

It is recommended that you enable the security manager with the J2EE application client run time. Use the following parameter: -CCsecurityManager=enable.