Considering a Domino upgrade to 9.0.1 FP1 or 9.0.2? Beware of custom Java security policies

If you have custom Java security policies in place on your Domino server (either through a modified java.policy or java.pol file) you might want to read this before you upgrade.

When I want to change to Java security policy on a Domino server I create a java.pol file in the jvm/lib/security folder and add everything I want. That folder also contains the default java.policy file, but you don’t want to add your changes in there: that file tends to get overwritten when doing a server upgrade.

Yesterday I got a report from a customer of an error message they received when using one of my applications. That error message (java.lang.reflect.InvocationTargetException) sounded like something was wrong with the Java security policy in place. I checked and was right: the java.pol file was gone! They recently upgraded from 9.0.1 to 9.0.1FP1 so I suspected that to have caused it. Strange, because with previous upgrades I’m sure that the file wasn’t touched.

So I tested it myself: I monitored the jvm/lib/security folder while installing the fix pack on a 9.0.1 (Windows 32 bit) server. What I saw is that during the install Windows explorer automatically redirects me from that folder to the Domino program folder, so it looks like the incremental installer completely deletes and reinstalls that folder.

Browsing through the fix list database I found this: SPR #KLYH9FNKLW: the JVM is upgraded in 9.0.1FP1 to 1.6 SR15FP1. That’s what probably caused this changed behaviour. That fix is also in 9.0.2 (not released yet) so I guess you’ll see the same behaviour when upgrading to that version. Just something to be aware of…