Josef Cacek

Use pro-grade policy generator in JBoss EAP 6.3+

This tutorial shows how to use pro-grade library to generate Java Policy File for JBoss EAP 6.3+.

Configuration is described for Linux/Unix systems. Use similar way for Windows - just edit batch files instead of bash scripts.

1. Prepare

Copy the pro-grade.jar to your JBoss EAP installation folder:

cp pro-grade.jar "$JBOSS_HOME/"

2. Change startup scripts

Replace all occurances of

-jar \"$JBOSS_HOME/jboss-modules.jar\"

in bin/standalone.sh and bin/domain.sh with

-cp \"$JBOSS_HOME/pro-grade.jar:$JBOSS_HOME/jboss-modules.jar\" org.jboss.modules.Main

For instance you can use following command:

sed -i -e 's#-jar \\"$JBOSS_HOME/jboss-modules.jar\\"#-cp \\"$JBOSS_HOME/jboss-modules.jar:$JBOSS_HOME/pro-grade.jar\\" org.jboss.modules.Main#' "$JBOSS_HOME/bin/standalone.sh"

3. Change configuration scripts

Configure the PolicyFileGeneratorJSM security managers in the JAVA_OPTS property in configuration files (bin/standalone.conf and/or bin/domain.conf).

I.e. Add following line to the end of $JBOSS_HOME/bin/standalone.conf:

JAVA_OPTS="$JAVA_OPTS -Djava.security.manager=net.sourceforge.prograde.sm.PolicyFileGeneratorJSM -Djava.security.policy==/dev/null -Dprograde.generated.policy=/tmp/pro-grade-eap63.policy"

The setting of java.security.policy system property to /dev/null using double equals (==) only means that we don't want to use any existing policy.

4. Use the JBoss EAP application server

Start the JBoss EAP


use it and then stop it

$JBOSS_HOME/bin/jboss-cli.sh -c :shutdown

5. Check the generated policy file

There should be a generated plain-text file /tmp/pro-grade-eap63.policy.

6. Use the generated policy

Replace the last line in $JBOSS_HOME/bin/standalone.conf (we added in step 3) with:

JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy==/tmp/pro-grade-eap63.policy"

and start the server



Wiki: Home

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks