Domino 11.0 does not support java.pol

January 2nd, 2020

When running Java and XPages on Domino it is sometimes required to loosen up the Java security restrictions by editing the jvm/lib/security/java.policy file or by adding a java.pol file with the required changes.

But on HCL Domino 11.0 it is no longer supported to use a java.pol file since the java.security file in Domino 11.0 on longer includes a reference to a java.pol file. This (unfortunate) change is related to the move from the IBM JRE to the AdoptOpenJDK JRE.

In a future release of HCL Domino this could be re-introduced if HCL adds support for it in the java.security file. I have created an idea on re-adding support for it.

Thanks to Daniele Vistalli for pointing out that you can use the option to add a modified java.policy file to the home directory of the user running the Domino instance since the java.security file still includes this option:

policy.url.2=file:${user.home}/.java.policy

On my Windows Server the Domino service runs under the local system account and the home directory of the local system account is C:\Windows\System32\config\systemprofile. So by adding a modified .java.policy file to this directory, it does indeed work (notice that the file must be called .java.policy according to policy.url.2 in java.security).

Tags: , ,

4 Responses to “Domino 11.0 does not support java.pol”

  1. Daniele Vistalli Says:

    I checked what you noticed and I think we still have a way around it.

    in java.security we have the following line

    policy.url.2=file:${user.home}/.java.policy

    This means that if you place your java.pol contnet in ".java.policy" file in the home directory of the user running domino/notes.... you're safe & happy.

    Is this a decent workaround ?

  2. Per Henrik Lausten Says:

    Hi Daniele, this is indeed a decent workaround.

    On my Windows Server the Domino service runs under the local system account and the home directory of the local system account is C:\Windows\System32\config\systemprofile. So by adding a modified .java.policy file to this directory, it does indeed work (notice that the file must be called .java.policy according to policy.url.2 in java.security).

  3. Daniele Vistalli Says:

    Great to hear it works. Btw I just voted your AHA Idea, having it managed the "right way" is the way to go.

  4. Urs Meli Says:

    You could also just add the missing policy.url.3=file:${java.home}/lib/security/java.pol in the java.security file

Leave a Reply