I just looked through this tutorial:
http://java.sun.com/docs/books/tutorial/security/tour2/index.html
And I was curious about the basic concept of JAAS ... If you need to use each file with the flags '-Djava.security.manager -Djava.security.policy=...', what provides security? Should the end user know when any Java application starts and change the executable / script / everything to enable these flags? Or, how does the developer ensure that the application starts with the security manager enabled?
The whole concept does not seem very functional to me, since it is not turned on by default ... Am I missing something?