An issue was identified in using the special prefix of `=` to disable the default policy files. The underlying cause was that when the Host Controller started a server, it provided `null` as the value of the `java.security.policy` setting, leading to the use of the policy files specified in the java.security file and possibly permission failures preventing server booting.
This issue was fixed by modifying parsing of system properties so that the value of a system property whose value begins with "=" is no longer reset to `null` by the Host Controller when starting a server.
When a security manager is installed, by default the VM reads policy files specified in the VM installation's java.security file. By default this includes the following:
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
The user can also specify a policy file to use via system property java.security.policy. A special behavior of the value of that system property is if it starts with "=" then the policy files specified in java.security are ignored, and only the file set via the java.security.policy system property are used.
For example, this disables the use of the defaults:
See http://docs.oracle.com/javase/6/docs/technotes/guides/security/PolicyFiles.html for full details.
The bug is the Host Controller process' Main class handles parsing of system properties such that the value of a system property whose value begins with "=" instead becomes null. This causes the specified property file to be ignored, likely leading to permission problems on the host's servers, e.g.:
[Server:server-one] Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission module.path write)
[Server:server-one] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:376)
[Server:server-one] at java.security.AccessController.checkPermission(AccessController.java:549)
[Server:server-one] at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[Server:server-one] at java.lang.System.setProperty(System.java:741)
[Server:server-one] at org.jboss.modules.Main.main(Main.java:148)
Fix is present in the delivered bits. Verified.