By default in the “developer” profile of GlassFish, there is no security manager in place, but there is a policy file ready to use in (with the appropriate
-Djava.security.policy= option in
To add a security manager, simply start GlassFish with this additional startup option:
domain.xml or better yet, use
asadmin create-jvm-options -Djava.security.manager)
Any subsequent attempt to call
System.exit() will trigger the following error message:
java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.0)
… with the stack trace leading back to the faulty code.
Update: as a reminder on security managers, they can be very useful (if not life saviors) but they do come at a performance price. Check out this short GlassFish documentation page to understand the implications of using a security manager.