Example: Use a Java 2 security manager with a J2EE application client

Example: Use a Java 2 security manager with a J2EE application client

The launchClient script provides several parameters to control the use of a Java 2 security manager. By default, the launchClient script does not enable or run with a Java 2 security manager.

To enable a Java 2 security manager, add the following parameter to the launchClient script:

-CCsecurityManager=enable

For example:

launchClient myear.ear -CCsecurityManager=enable

When the security manager is enabled, the launchClient script uses the java.lang.SecurityManager class and the was_home/properties/client.policy policy file. This policy file is configured to provide the standard permissions as described in the J2EE specification for J2EE application clients and applets. If your application receives a java.security.AccessControlException, add additional permissions to the client.policy file.

You can override the default security manager class by specifying the -CCsecurityMgrClass parameter and the default policy file using the -CCsecurityMgrPolicy parameter. For more information, see The launchClient script.

If you invoke Java to start the launchClient script, it is recommended that you do not use the -Djava.security.manager parameter to enable the Java 2 security manager. Using this parameter causes the Java 2 security manager to be enabled prior to initialization of the J2EE application client runtime. The necessary permissions are not granted and your application may receive a java.security.AccessControlExceptions.

When the J2EE application client runtime is initialized, the Enterprise Archive (EAR) file that you specified is extracted to a random subdirectory in your users temporary directory location.
Note: If the EAR file is a set of directories and subdirectories, then that is used and not expanded.

The J2EE application client runtime sets the com.ibm.websphere.client.applicationclient.archivedir system property to the directory location of the EAR file. The client.policy file uses this system property to inform the security manager of the location of your application client codebase and to assign the configured permissions to that codebase. This occurs when the security manager is enabled. If the security manager is enabled at the time Java is started, then this system property is not set, the codebase is unknown, and the permissions can not be granted.

It is recommended that you enable the security manager with the J2EE application client runtime. Use the following parameter:
-CCsecurityManager=enable