Domino 11.0 does not support java.pol
January 2nd, 2020
When running Java and XPages on Domino it is sometimes required to loosen up the Java security restrictions by editing the jvm/lib/security/java.policy file or by adding a java.pol file with the required changes.
But HCL Domino 11.0 no longer supports using a java.pol file, since the java.security file in Domino 11.0 no longer includes a reference to a java.pol file. This (unfortunate) change is related to the move from the IBM JRE to the AdoptOpenJDK JRE.
In a future release of HCL Domino this could be re-introduced if HCL adds support for it in the java.security file. I have created an idea on re-adding support for it.
Thanks to Daniele Vistalli for pointing out that you can use the option to add a modified java.policy file to the home directory of the user running the Domino instance since the java.security file still includes this option:
policy.url.2=file:${user.home}/.java.policy
On my Windows Server the Domino service runs under the local system account and the home directory of the local system account is C:\Windows\System32\config\systemprofile. So by adding a modified .java.policy file to this directory, it does indeed work (notice that the file must be called .java.policy according to policy.url.2 in java.security).
Update January 2022:
As of Domino 12.0.1 support for java.pol is back. The java.security file now contains a reference to a java.pol in the same directory as the java.security/java.policy files:
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:${user.home}/.java.policy
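To check which policy files a given java.security will actually load, the following added example (not code from the original post or from HCL) resolves the policy.url.N entries in order. It relies on the OpenJDK default policy loader reading policy.url.1, policy.url.2, ... and stopping at the first missing number; the sample texts, the function names and the /example paths are constructed for illustration.

```python
import re
from pathlib import Path

URL_RE = re.compile(r"^\s*policy\.url\.(\d+)\s*=\s*(.+?)\s*$")

# Constructed samples. The 12.0.1 lines are the ones quoted above; the
# policy.url.1 line of the 11.0 sample is an assumption.
DOMINO_11_0 = """\
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
"""
DOMINO_12_0_1 = """\
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:${user.home}/.java.policy
"""

def policy_urls(text):
    """Return {N: url} for every uncommented policy.url.N line."""
    found = {}
    for line in text.splitlines():
        m = URL_RE.match(line)
        if m:
            found[int(m.group(1))] = m.group(2)
    return found

def effective_policy_files(text, java_home, user_home):
    """Return (files loaded in order, policy.url numbers that are ignored).

    The loader reads policy.url.1, policy.url.2, ... and stops at the first
    missing number, so an entry placed after a gap never takes effect.
    """
    urls = policy_urls(text)
    loaded, n = [], 1
    while n in urls:
        url = urls[n].replace("${java.home}", java_home)
        url = url.replace("${user.home}", user_home)
        loaded.append(re.sub(r"^file:", "", url))
        n += 1
    return loaded, sorted(i for i in urls if i >= n)

if __name__ == "__main__":
    # Hypothetical directories; pass the real JVM and service-account paths.
    files, ignored = effective_policy_files(DOMINO_12_0_1, "/example/jvm", "/example/home")
    for f in files:
        print(f, "(present)" if Path(f).is_file() else "(not found)")
    print("ignored policy.url numbers:", ignored)
```

A non-empty ignored list means a policy.url entry was added with a gap in the numbering and the file it names is never read.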
Tags: HCL Domino, Java, XPages
January 2nd, 2020 at 23:44
I checked what you noticed and I think we still have a way around it.
In java.security we have the following line:
policy.url.2=file:${user.home}/.java.policy
This means that if you place your java.pol content in ".java.policy" file in the home directory of the user running domino/notes.... you're safe & happy.
Is this a decent workaround ?
January 3rd, 2020 at 08:14
Hi Daniele, this is indeed a decent workaround.
On my Windows Server the Domino service runs under the local system account and the home directory of the local system account is C:\Windows\System32\config\systemprofile. So by adding a modified .java.policy file to this directory, it does indeed work (notice that the file must be called .java.policy according to policy.url.2 in java.security).
January 3rd, 2020 at 16:22
Great to hear it works. Btw I just voted for your AHA Idea, having it managed the "right way" is the way to go.
March 25th, 2020 at 11:10
You could also just add the missing policy.url.3=file:${java.home}/lib/security/java.pol in the java.security file
May 7th, 2020 at 18:11
Hi Per, came across this by chance - and I'm so glad I did as this will definitely break some code at more than one customer's site as soon as they're ready to upgrade 🙁
Thanks for posting! I'll try the workarounds asap