I've worked with policy files before so I am not new to this subject. I am currently crafting a new policy file to be used for an app under JBoss 5.1.0. Yes I have specified both java.security.manager and java.security.policy and yes I verified that the policy file's being read (I intentionally put in invalid content to verify this), however it does not seem to be working!!!
My ultimate objective is to prevent some foreign code that we are forced to use from calling System.exit by not including the exitVM permission on the policy file. Now I have started simple by having a policy file that only allows the read write Permission and a couple of other basic permissions, but the app which includes EJBs, JPA (Hibernate), etc (quite a complex application) came up with no problems whatsoever (I would have thought that without the ClassLoader related permissions, things would have bombed big time) and yes I was able to cause a System.exit.
Can someone please help in this? Is some code somewhere inside JBoss setting the SecurityManager to null?
Fixed. I had specified the options as part of run.bat. Instead I need to put those as part of run.conf.bat