AppServer killed, no log! (reloaded)

In response to my previous blog about calling System.exit() from code hosted in an app server, Nicoz reminded me that this is one of the things security managers are meant for.

By default in the “developer” profile of GlassFish, there is no security manager in place, but there is a policy file ready to use in (with the appropriate -Djava.security.policy= option in domain.xml).

To add a security manager, simply start GlassFish with this additional startup option: -Djava.security.manager

(edit domain.xml or better yet, use asadmin create-jvm-options -Djava.security.manager)

Any subsequent attempt to call System.exit() will trigger the following error message:


java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM.0)


… with the stack trace leading back to the faulty code.

Update: as a reminder on security managers, they can be very useful (if not life saviors) but they do come at a performance price. Check out this short GlassFish documentation page to understand the implications of using a security manager.

Advertisements

Author: alexismp

Google Developer Relations in Paris.

2 thoughts on “AppServer killed, no log! (reloaded)”

Comments are closed.