Chapter 5. Java Security Manager (probably in section 5.2. About Java Security Manager Policies or 5.3. Run JBoss EAP 6 Within the Java Security Manager) should contain any mention about difference between using "=" and "==" in setting of java.security.policy property. Using java.security.policy==some.policy means that security manager uses only policy file which is set in java.security.policy property. Using java.security.policy=some.policy means that security manager uses policy from java.security.policy combined with policy set in policy.url part of java.home/lib/security/java.security. You can see at http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs to part "Specifying an Additional Policy File at Runtime" for this information. It can be a little confuse and I think it should be documented on some of places mentioned above.