As an alternative to using the java.security.policy system property in a JVM properties file to specify additional policy files, you can name the additional policy files in the JVM default security properties file, which applies to all JVMs. This file is where the default Java 2 security manager looks for the name of the default policy file, which it always uses to determine the security policy for a JVM.
/usr/lpp/java142/J1.4/lib/security/java.security
where the java142/J1.4 subdirectory names are
the default values when you install the IBM® Software Developer Kit for z/OS®, Java™ 2 Technology Edition, Version 1.4.2.The default security properties file already includes the name of the default policy file, /usr/lpp/java142/J1.4/lib/security/java.policy. You can add the names of additional policy files, and the security manager will then use these files, as well as the default policy file, to determine the security policy for all JVMs. The security manager will also refer to any policy files that you have specified in the JVM properties file for a particular type of JVM.
policy.url.n=URL
where n represents
the precedence number for the order in which the policies should be loaded.
The location of a policy file is specified as a URL, so policy files do not
need to be stored in the local file system.Note that the precedence numbers must be serial and continuous. For example, if policy.url.1 and policy.url.3, are present, but policy.url.2 is missing, then policy.url.3 is ignored and only policy.url.1 is considered.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
policy.url.3=file:/usr/lpp/cicsts/cicsts31/lib/security/dfejbpl.policy
where cicsts31 is your chosen value for the
USSDIR installation parameter that you defined when you installed CICS TS.
It is specified as policy.url.3 because two other policy files
are already specified. You can substitute the path to your own policy file
in place of dfjejbpl.policy, or add further entries to specify
additional policy files.java.security.policy==/usr/lpp/cicsts/cicsts31/lib/security/dfejbpl.policy
then the security manager ignores any policy files that are specified
in the java.security file, and uses only dfjejbpl.policy to
determine the security policy for the JVM. However, you should bear in mind
that if you bypass the default security properties file, the security manager
will not grant any permissions that are specified in that file; it will only
grant the permissions that are specified in your own policy file.