Anil Saldhana [https://community.jboss.org/people/anil.saldhana] created the document:
"AS8: JBoss Security Manager Implementation Plan"
To view the document, visit:
https://community.jboss.org/docs/DOC-48386
--------------------------------------------------------------
This wiki article will propose an implementation plan for the security manager related
changes for JBoss AS8.
h2. Background
Please follow
https://community.jboss.org/docs/DOC-48383
https://community.jboss.org/wiki/AS8JBossSecurityManagerDiscussion for some background
information.
The goal is to minimize the +historic+ global policy file approach and adapt the Java
Security Manager infrastructure in AS8 to a more modular approach.
h2. Approach
* We will have a security manager subsystem to define the global permission collection
that modules will inherit by default.
* module.xml can define the permission collection that governs the module. This is what
the ModuleClassLoader will return to the security manager when asked for permission
collection.
* EE deployments can supply META-INF/permissions.xml (as per EE7). The deployment
permissions need to be merged into the module level permissions.
h2. Security Manager and Policy Implementation
The JVM can run under a Java Security Manager via two options:
* Pass -Djava.security.manager as a command-line option
* Programmatically, call System.setSecurityManager(securityManager)
So we have two options to start the security manager in AS8. (+I personally like the
programmatic option that will let the JVM and JBoss Modules system start up before the
security manager is put into operation+).
h3. Command Line Option
When we use the command line option, the default security manager implementation (which
uses Sun's PolicyFile implementation) will use the java.policy file from the
jre/lib/security folder of the JVM to construct the permissions that the JVM will have
while starting up. This takes care of the JVM starting up.
We will then need to bootstrap the JBoss Modules system, so we have to think about
providing the permissions for jboss-modules.jar.
The easiest way to achieve this is to add an entry to the java.policy file, or to have a
single entry in a policy file within the AS8 folders and mandate that users not add or
delete anything in this file. This will get the JBoss Modules system started.
Once the module system is started, we will use the programmatic option described below.
h3. Programmatic Option
There will be a security manager subsystem defined in the domain model. It will have a
flag called *+enable+*, which will be +false+ by default. If the user sets the
+enable+ flag to +true+, the program will call +System.setSecurityManager()+ if
+System.getSecurityManager() == null+.
The security manager subsystem can define the permission block that the module class
loader uses by default.
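The following is an added sketch, not code from the AS8 plan or from JBoss Modules, of the layered permissions from the Approach section and the guarded +enable+ flag described above. It assumes that "merge" means a plain union, uses constructed permission values and hypothetical class and method names, and needs a JVM that still supports the Security Manager (deprecated since Java 17).

```java
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.PropertyPermission;

public class ModularPermissionsSketch {
    // Assumption: the plan's "merge" is a plain union of the layers.
    static Permissions merge(PermissionCollection... layers) {
        Permissions merged = new Permissions();
        for (PermissionCollection layer : layers) {
            for (Permission p : Collections.list(layer.elements())) {
                merged.add(p);
            }
        }
        return merged;
    }

    // Mirrors the "enable" flag (default false): install only when asked to,
    // and only when no security manager is already in place.
    static boolean installIfEnabled(boolean enable) {
        if (!enable || System.getSecurityManager() != null) {
            return false;
        }
        System.setSecurityManager(new SecurityManager());
        return true;
    }

    public static void main(String[] args) {
        Permissions global = new Permissions();      // subsystem default (constructed)
        global.add(new PropertyPermission("java.version", "read"));
        Permissions module = new Permissions();      // from module.xml (constructed)
        module.add(new FilePermission("/opt/app/data/-", "read"));
        Permissions deployment = new Permissions();  // from META-INF/permissions.xml (constructed)
        deployment.add(new PropertyPermission("app.mode", "read"));

        // Two-argument constructor: static permissions only, the Policy is not consulted.
        ProtectionDomain domain = new ProtectionDomain(
                new CodeSource(null, (Certificate[]) null), merge(global, module, deployment));
        System.out.println(domain.implies(new FilePermission("/opt/app/data/x.txt", "read")));  // read under the module's path
        System.out.println(domain.implies(new FilePermission("/opt/app/data/x.txt", "write"))); // write was never granted
        System.out.println(installIfEnabled(false)); // flag left at its default
    }
}
```

Because the domain is built with static permissions, the checks show what a module would be allowed without installing a security manager in the running JVM.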