2.3. Run JBoss EAP 6 Within the Java Security Manager

download PDF
To specify a Java Security Manager policy, you need to edit the Java options passed to the domain or server instance during the bootstrap process. For this reason, you cannot pass the parameters as options to the or scripts. The following procedure guides you through the steps of configuring your instance to run within a Java Security Manager policy.


  • Before you following this procedure, you need to write a security policy, using the policytool command which is included with your Java Development Kit (JDK). This procedure assumes that your policy is located at EAP_HOME/bin/server.policy. As an alternative, write the security policy using any text editor and manually save it as EAP_HOME/bin/server.policy
  • The domain or standalone server must be completely stopped before you edit any configuration files.
Perform the following procedure for each physical host or instance in your domain, if you have domain members spread across multiple systems.

Procedure 2.1. Configure the Security Manager for JBoss EAP 6

  1. Open the configuration file.

    Open the configuration file for editing. This file is located in one of two places, depending on whether you use a managed domain or standalone server. This is not the executable file used to start the server or domain.
    • Managed Domain

      • For Linux: EAP_HOME/bin/domain.conf
      • For Windows: EAP_HOME\bin\domain.conf.bat
    • Standalone Server

      • For Linux: EAP_HOME/bin/standalone.conf
      • For Windows: EAP_HOME\bin\standalone.conf.bat
  2. Add the Java options to the file.

    To ensure the Java options are used, add them to the code block that begins with:
    if [ "x$JAVA_OPTS" = "x" ]; then
    You can modify the value to specify the exact location of your security policy. It should go onto one line only, with no line break. Using == when setting the property specifies that the security manager will use only the specified policy file. Using = specifies that the security manager will use the specified policy combined with the policy set in the policy.url section of JAVA_HOME/lib/security/


    JBoss Enterprise Application Platform releases from 6.2.2 onwards require that the system property jboss.modules.policy-permissions is set to true.

    Example 2.1. domain.conf

    JAVA_OPTS="$JAVA_OPTS$PWD/server.policy -Djboss.home.dir=/path/to/EAP_HOME -Djboss.modules.policy-permissions=true"

    Example 2.2. domain.conf.bat

    set "JAVA_OPTS=%JAVA_OPTS%\path\to\server.policy -Djboss.home.dir=\path\to\EAP_HOME -Djboss.modules.policy-permissions=true"

    Example 2.3. standalone.conf

    JAVA_OPTS="$JAVA_OPTS$PWD/server.policy -Djboss.home.dir=$JBOSS_HOME -Djboss.modules.policy-permissions=true"

    Example 2.4. standalone.conf.bat

    set "JAVA_OPTS=%JAVA_OPTS%\path\to\server.policy -Djboss.home.dir=%JBOSS_HOME% -Djboss.modules.policy-permissions=true"
  3. Start the domain or server.

    Start the domain or server as normal.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.