To the application with a security manager the option "-secmgr" must be specified to jboss-modules. Right now the startup scripts do not have a configuration variable that allows for passing options to jboss-modules. The scripts should contain usage of MODULES_OPTS, so it can be specified in the conf files.
https://github.com/jbossas/jboss-eap/pull/1516 replaces 1509. From talks with QE -Djava.security.manager should remain the primary mechanism for EAP 6.3. It is too late in the process to change this and to recommend -secmgr as the primary mechanism. The PR allows passing in of -secmgr via module options. For standalone mode this is trivial. For domain mode, again -secmgr can be passed in via module options. Now from the PR two things can happen: 1) In the absence of -Djava.security.manager in the host controller options this (-secmgr) is propagated throughout the domain to the host controller and the servers. Note that it is not possible to determine if -secmgrmodule was used, so in effect this will be translated into a plain -secmgr. This should be fine for 6.3.0 since https://bugzilla.redhat.com/show_bug.cgi?id=1117862#c2 indicates that the MODULES_OPT is unsupported. 2) If -Djava.security.manager is present in the host controller options, then no -secmgr is added to the host-controller or its servers. In other words security manager propagation will work in a domain as it has been up to this point.
Verification failed due to bug 1145960.
Moving back to modified since linked issue is at modified.
Verified in EAP 6.4.0.DR11.