Certain Java virtual machine (JVM) configuration settings, when set by an application, can cause server-wide issues because the system properties apply to the entire JVM. Any required JVM configuration should be done on the server itself, and not from within the application.

This rule flags the java.lang.System.setProperty method with keys that match the following:

• javax.net.ssl.keyStore
• javax.net.ssl.keyStoreType
• javax.net.ssl.keyStorePassword
• javax.net.ssl.trustStore
• javax.net.ssl.trustStoreType
• javax.net.ssl.trustStorePassword
• javax.xml.soap.SOAPFactory
• javax.xml.parsers.DocumentBuilderFactory
• javax.xml.parsers.SAXParserFactory

This rule also flags all invocations of the System.setSecurityManager() method.

For information about configuring the JVM for WebSphere traditional see Configuring the JVM.

For information about configuring the JVM for Liberty see Customizing the Liberty environment.