IBM Support

IBM Java: How to customize "java.policy" and avoid changes being overwritten

Technote (FAQ)


Question

What is the recommended method to implement changes to the defaults configured in ...\domino\jvm\lib\security\java.policy and avoid changes being overwritten?

Cause

In Notes and Domino, the default security rules for the JVM are controlled by the java.policy file. It can be necessary to customize these default rules in order to allow Java code in Domino applications to run.

The problem is that java.policy is replaced by any JVM update. Moreover, the new Notes and Domino JVM installer will abort if it detects a modified version of this file.


Answer

The IBM JVM provides the following option, which is configured in ...\domino\jvm\lib\security\java.security:

      # The default is to have a single system-wide policy file,
      # and a policy file in the user's home directory.
      policy.url.1=file:${java.home}/lib/security/java.policy
      policy.url.2=file:${java.home}/lib/security/java.pol
      policy.url.3=file:///${user.home}/.java.policy

The second policy.url line is an IBM extension, which allows you to add a file ...\domino\jvm\lib\security\java.pol. It has the same syntax as java.policy, but will not be removed or overwritten when JVM updates are installed.

The same is true for the third policy.url, which comes from Oracle by default. It points to the home directory of the account used to launch Domino. For example: ..\Windows\System32\config\systemprofile\.java.policy, when Domino is started as a service configured with system credentials.
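
The following Python sketch is an added example, not IBM code: it resolves the policy.url chain from java.security in the order the JVM reads it (numbering must be consecutive, so an entry after a gap is never loaded) and checks a java.pol for a grant of AllPermission that is not limited by codeBase, signedBy or principal. The function names, directories, jar name and host are hypothetical, and POSIX-style paths are assumed.

```python
import re

def policy_chain(java_security, java_home, user_home):
    """Resolve policy.url.N entries to paths, in the order the JVM loads them."""
    urls = {int(n): u for n, u in
            re.findall(r"(?m)^\s*policy\.url\.(\d+)\s*=\s*(\S+)", java_security)}
    chain, n = [], 1
    while n in urls:  # numbering must be consecutive; entries after a gap are not read
        url = urls[n].replace("${java.home}", java_home).replace("${user.home}", user_home)
        chain.append(re.sub(r"^file:/*", "/", url))  # assumption: POSIX absolute paths
        n += 1
    return chain

def unscoped_all_permission(policy_text):
    """True if a grant gives AllPermission with no codeBase/signedBy/principal scope."""
    text = re.sub(r"^\s*//[^\n]*|/\*.*?\*/", "", policy_text, flags=re.S | re.M)
    grants = re.findall(r"\bgrant\b(.*?)\{(\s*permission\b.*?)\}\s*;", text, flags=re.S)
    return any("java.security.AllPermission" in body
               and not re.search(r"codeBase|signedBy|principal", header, re.I)
               for header, body in grants)

# Constructed sample: the three entries from java.security shown above.
JAVA_SECURITY = """\
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy
"""

# Constructed java.pol contents; the jar name and host are hypothetical.
SCOPED_POL = """\
// grant only what one library needs
grant codeBase "file:${java.home}/lib/ext/example-agent.jar" {
    permission java.net.SocketPermission "db.example.com:1433", "connect,resolve";
};
"""
BROAD_POL = """\
grant {
    permission java.security.AllPermission;
};
"""

if __name__ == "__main__":
    # Hypothetical install and home directories.
    for path in policy_chain(JAVA_SECURITY, "/opt/example/domino/jvm", "/home/notes"):
        print("policy file:", path)
    print("SCOPED_POL unscoped AllPermission:", unscoped_all_permission(SCOPED_POL))
    print("BROAD_POL unscoped AllPermission:", unscoped_all_permission(BROAD_POL))
```

Running the same check against the account-level .java.policy matters as much as java.pol, since both survive JVM updates and are merged into the effective policy.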



Related information

How to use the IBM Notes & Domino JVM installer
Modified Java.Policy Ignored after Update to Domino 8.5

Document information

More support for: IBM Domino
Security

Software version: 8.5.3, 9.0

Operating system(s): Linux, Windows

Software edition: All Editions

Reference #: 1679242

Modified date: 17 August 2016