Running WebSphere MQ Java applications under the Java 2 Security Manager

 

WebSphere MQ Java can run with the Java™ 2 Security Manager enabled. To successfully run applications with the Security Manager enabled, configure your JVM with a suitable policy definition file.

The simplest way to do this is to change the policy file supplied with the JRE. On most systems this file is stored in the path lib/security/java.policy, relative to your JRE directory. You can edit policy files using your preferred editor or the policytool program supplied with your JRE.

You need to give authority to the com.ibm.mq.jar and com.ibm.mqjms.jar files so that they can:

The system property os.name must be available to the WebSphere MQ Java classes when running under the Java 2 Security Manager.

Here is an example of a policy file entry that allows WebSphere MQ Java to run successfully under the default security manager. Replace the string /opt/mqm in this example with the location where WebSphere MQ Java is installed on your system.

grant codeBase "file:/opt/mqm/java/lib/com.ibm.mq.jar" {
  permission java.net.SocketPermission "*","connect";
  permission java.lang.RuntimePermission "loadLibrary.*";
};

grant codeBase "file:/opt/mqm/java/lib/com.ibm.mqjms.jar" {
  permission java.util.PropertyPermission "MQJMS_LOG_DIR","read";
  permission java.util.PropertyPermission "MQJMS_TRACE_LEVEL","read";
  permission java.util.PropertyPermission "MQJMS_TRACE_DIR","read";
  permission java.util.PropertyPermission "MQ_JAVA_INSTALL_PATH","read";
  permission java.util.PropertyPermission "file.separator","read";
  permission java.util.PropertyPermission "os.name","read";
  permission java.util.PropertyPermission "user.name","read";
  permission java.util.PropertyPermission "com.ibm.mq.jms.cleanup","read";
  permission java.util.PropertyPermission "com.ibm.mq.localaddress","read";
};

This example of a policy file enables the WebSphere MQ Java classes to work correctly under the security manager, but you might still need to enable your own code to run correctly before your applications will work.

The sample code shipped with WebSphere MQ Java has not been specifically enabled for use with the security manager; however, the IVT tests run with the above policy file and the default security manager in place.
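The following is an added example, not part of the original page or of WebSphere MQ: a small Python check that parses grant entries in the policy file format shown above and reports grants that are broader than a single target, such as the "*" socket target and loadLibrary.* in the example entry. The third grant in the sample (no codeBase, host qm1.example.com, port 1414) is constructed for illustration.

```python
import re

# Constructed sample: two entries taken from the page plus a hypothetical third.
SAMPLE_POLICY = '''
// constructed sample policy
grant codeBase "file:/opt/mqm/java/lib/com.ibm.mq.jar" {
  permission java.net.SocketPermission "*","connect";
  permission java.lang.RuntimePermission "loadLibrary.*";
};
grant codeBase "file:/opt/mqm/java/lib/com.ibm.mqjms.jar" {
  permission java.util.PropertyPermission "os.name","read";
};
grant {
  permission java.net.SocketPermission "qm1.example.com:1414","connect";
};
'''

_STR_OR_COMMENT = re.compile(r'"[^"]*"|//[^\n]*|/\*.*?\*/', re.S)
_GRANT = re.compile(r'\bgrant\b((?:[^{"]|"[^"]*")*)\{((?:[^}"]|"[^"]*")*)\}\s*;', re.I)
_CODEBASE = re.compile(r'\bcodeBase\s+"([^"]*)"', re.I)
_PERM = re.compile(r'\bpermission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?', re.I)

def parse_policy(text):
    """Return [(codeBase or None, [(class, target, actions), ...]), ...]."""
    # Drop comments but keep quoted strings (a codeBase URL may contain "//").
    text = _STR_OR_COMMENT.sub(lambda m: m.group() if m.group()[0] == '"' else ' ', text)
    entries = []
    for header, body in _GRANT.findall(text):
        cb = _CODEBASE.search(header)
        entries.append((cb.group(1) if cb else None, _PERM.findall(body)))
    return entries

def audit(text):
    """Return [(codeBase or None, finding)] for grants wider than one target."""
    findings = []
    for codebase, perms in parse_policy(text):
        if codebase is None:
            findings.append((None, "grant without codeBase applies to all code"))
        for cls, target, _actions in perms:
            if cls == "java.net.SocketPermission" and target.split(":")[0] == "*":
                findings.append((codebase, f'SocketPermission "{target}" allows any host'))
            elif cls == "java.lang.RuntimePermission" and target == "loadLibrary.*":
                findings.append((codebase, "loadLibrary.* allows loading any native library"))
    return findings

if __name__ == "__main__":
    for codebase, finding in audit(SAMPLE_POLICY):
        print(f"{codebase or '<all code>'}: {finding}")
```

Each finding is a candidate for narrowing, for example by replacing "*" with the host and port of the queue manager the application actually connects to.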

