EAP fails to boot when using an invalid security manager configuration in EAP 8.1 Update 6+

Solution Verified - Updated

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 8.1 Update 6

Issue

  • EAP fails to boot when using an invalid security manager configuration in EAP 8.1 Update 6+

standalone.sh -secmgr

        <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
            <deployment-permissions>
                <minimum-set>
                    <permission class="java.io.FilePermission" name="${jboss.modules.dir}/-" actions="read"/>
                </minimum-set>

                <maximum-set>
                    <permission class="java.security.AllPermission"/>
                </maximum-set>
            </deployment-permissions>
        </subsystem>
...
ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 69) WFLYCTL0013: Operation ("add") failed - address: ([("subsystem" => "security-manager")]) - failure description: "WFLYCTL0211: Cannot resolve expression '${jboss.modules.dir}/-'"
...
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) "WFLYCTL0193: Failed executing subsystem security-manager boot operations"
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("parallel-subsystem-boot") failed - address: ([]) - failure description: "\"WFLYCTL0193: Failed executing subsystem security-manager boot operations\""
ERROR [org.jboss.as.server] (ServerService Thread Pool -- 43) WFLYSRV0022: Deploy of deployment "test.war" was rolled back with no failure message
...
FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details. - Server configuration file in use: standalone.xml
...

Resolution

Look for an error message such as WFLYCTL0013 that reports a problem in the security-manager subsystem, and correct the configuration.

Root Cause

The subsystem configuration is not correct. The use of jboss.modules.dir looks like an implicit value that the server should resolve, but it is not implicit: the user should provide its value via the command line or a system property. The problem with this subsystem configuration is that the jboss.modules.dir value is not available.

The security manager is enabled and the configuration is invalid. For security reasons, the server fails to start until the configuration is corrected, to ensure that the invalid configuration does not leave a security hole.

WFCORE-7335 - Block deployments if the security manager subsystem has invalid config and the security manager is enabled
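
A pre-boot check for the condition described under Root Cause, as an added example that is not part of the original solution or of Red Hat's tooling: it lists expressions in the security-manager subsystem that carry no default and are not among the properties the caller says will be defined at boot. The function name, the constructed sample with its wrapper element, and the property set passed in are assumptions; nested expressions are not handled.

```python
import re
import xml.etree.ElementTree as ET

# Matches ${name} and ${name:default}; nested expressions are not handled.
EXPR = re.compile(r"\$\{([^}:]+)(?::([^}]*))?\}")
SECMGR_NS = "{urn:jboss:domain:security-manager:"

# Constructed sample: the subsystem from the Issue section inside a bare wrapper.
SAMPLE = """<profile>
  <subsystem xmlns="urn:jboss:domain:security-manager:1.0">
    <deployment-permissions>
      <minimum-set>
        <permission class="java.io.FilePermission"
                    name="${jboss.modules.dir}/-" actions="read"/>
      </minimum-set>
      <maximum-set>
        <permission class="java.security.AllPermission"/>
      </maximum-set>
    </deployment-permissions>
  </subsystem>
</profile>"""


def unresolved_expressions(xml_text, defined):
    """Return (permission class, attribute, property) for every expression
    that has no default and whose property is not in `defined`."""
    missing = []
    for elem in ET.fromstring(xml_text).iter():
        # Match on the namespace prefix so any schema version is covered.
        if not (elem.tag.startswith(SECMGR_NS) and elem.tag.endswith("}permission")):
            continue
        for attr, value in elem.attrib.items():
            for m in EXPR.finditer(value):
                prop, default = m.group(1), m.group(2)
                if default is None and prop not in defined:
                    missing.append((elem.get("class"), attr, prop))
    return missing


if __name__ == "__main__":
    # Assumption: the caller passes the properties that will be set at boot,
    # for example those given with -D on the standalone.sh command line.
    for cls, attr, prop in unresolved_expressions(SAMPLE, defined=set()):
        print(f"unresolved ${{{prop}}} in {attr} of permission {cls}")
```

Pass in every property the server will have at boot, including any it sets itself, otherwise those are reported as missing.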


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.