jjs with support for Security Manager?

A. Sundararajan sundararajan.athijegannathan at oracle.com
Tue Feb 4 23:08:45 PST 2014


The -D System properties are set after jjs tool is initialized. If you 
want System properties to be initialized before VM is initialized, you 
should use -J-D.

     jjs -J-Djava.security.manager foo.js

This is true of all JDK bin tools. Any -J option is passed to the VM. 
So, for example,

     jjs -J-Xmx1g -J-Djava.security.manager foo.js

will set maximum heap size as well as set security manager with the 
default System policy.

Hope this helps,

On Wednesday 05 February 2014 07:38 AM, Bernd Eckenfels wrote:
> Hello,
> I tried to use jjs to do some tests with the Java security manager,
> however it does not completely work:
> a) when starting jjs with -Djava.security.manager no SM is installed:
> C:\Program Files\Java\jdk1.8.0\bin>jjs -Djava.security.manager
> jjs> java.lang.System.getSecurityManager()
> null
> This is normally the job of the launcher, so I guess this is a problem in the jjs binary.
> b) when installing the SM by hand it seems to have a deny-all policy:
> C:\Program Files\Java\jdk1.8.0\bin>jjs
> jjs> var Manager = Java.type("java.lang.SecurityManager")
> jjs> java.lang.System.setSecurityManager(new Manager)
> null
> jjs> java.lang.System.getSecurityManager()
> java.lang.SecurityManager at 51b279c
> jjs> java.lang.System.getPropert("java.version")
> java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.version" "read")
> jjs> exit()
> java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "exitVM.0")
> However I cannot use java.security.debug=all to see where the problem is. No idea why this is. Maybe it is related to the way system properties are set with jjs? Any ideas?
> Greetings
> Bernd

More information about the nashorn-dev mailing list