Example: Using a Java 2 security manager with a J2EE application client: WAS ND

Example: Using a Java 2 security manager with a J2EE application client

The launchClient command provides several parameters to control the Java 2 security manager. By default the launchClient command does not enable nor run with a Java 2 security manager. To enable the Java 2 security manager, add the following parameter to your launchClient command:

-CCsecurityManager=enable
For example:

launchClient myear.ear -CCsecurityManager=enable

When the security manager is enabled, the launchClient command uses by default the java.lang.SecurityManager class and the <install_root> /properties/client.policy policy file. This policy file is configured to provide the standard permissions as described in the J2EE specification for J2EE application clients and applets. If your application receives a java.security.AccessControlException exception, add additional permissions to the client.policy file. For more information on adding permissions, see configuring client.policy files and AccessControlException.

You can override the default security manager class by specifying the -CCsecurityMgrClass parameter and the default policy file using the -CCsecurityMgrPolicy parameter. For more information, see launchClient tool.

If you invoke Java code to start the launchClient class, it is recommended that you do not use the -Djava.security.manager parameter to enable the Java 2 security manager. Using this parameter causes the Java 2 security manager to be enabled prior to initialization of the J2EE application client run-time environment. The necessary permissions are not granted and your application might receive the java.security.AccessControlExceptions exception.

When the J2EE application client run time is initialized, the Enterprise Archive (EAR) file that specified is extracted to a random subdirectory in your users temporary directory location.
Note: If the EAR file is a set of directories and subdirectories, then it is used in place and not expanded.
The J2EE application client run time sets the com.ibm.websphere.client.applicationclient.archivedir system property to the directory location of the EAR file. The client.policy file uses this system property to inform the security manager of the location of your application client code base and to assign the configured permissions to that code base. This activity occurs when the security manager is enabled. If the security manager is enabled at the time the Java code is started, then this system property is not set, the code base is unknown, and the permissions are not granted.

It is recommended that you enable the security manager with the J2EE application client run time. Use the following parameter: -CCsecurityManager=enable.