Security Manager

Transformer includes a Java Security Manager that is enabled by default. For enhanced security, you can enable the Transformer Security Manager which prevents stages from accessing files in protected Transformer directories.

Transformer can use one of the following security managers:

Java Security Manager

By default, Transformer uses the Java Security Manager. The Java Security Manager restricts the runtime permissions of user libraries. This allows administrators to control user libraries actions on production systems. For example, by default, user libraries cannot call out to network resources and potentially cause denial-of-service (DDoS) attacks.

The security policy is defined in the $TRANSFORMER_CONF/transformer-security.policy fileSecurity Policy configuration properties of the deployment. The file syntax is java standard.

Transformer Security Manager

For enhanced security, enable the Transformer Security Manager. The Transformer Security Manager prevents stages from accessing files in protected Transformer directories, regardless of how the $TRANSFORMER_CONF/transformer-security.policy fileSecurity Policy configuration properties of the deployment isare defined.

To enable the Transformer Security Manager, uncomment the security_manager.transformer_manager.enable property in the Transformer configuration file, $TRANSFORMER_CONF/transformer.propertiesTransformer configuration properties of the deployment.

Note: If you use an older JVM version, the Transformer Security Manager might encounter some JVM known issues.

If needed, you can configure Transformer to use neither security manager by setting the TRANSFORMER_SECURITY_MANAGER_ENABLED environment variable to false.

Modify environment variables using the method required by your installation type.