Does anyone know of mechanisms to automate the generation of security policy files for a Java application, especially for J2EE/JEE applications?

Are there tips that can be observed to generate accurate policy files without requiring an application to be rigorously tested with a near 100% coverage?

A: 

Answering my own question here.

An IBM alphaWorks project, SWORD4J, allows for generation of policy files. It does a pretty decent job for most applications. For J2EE applications, it does have the tendency to generate policy files that contain permissions already available to all applications. For instance, it generates policy files with SocketPermissions when one needs to perform a JNDI lookup against the JNDI registry of the application server.

Vineet Reynolds
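
One way to post-process generator output of the kind the answer describes, as an added example that is not part of the original post or of SWORD4J: it parses two policy files and separates the application's permissions from those the server policy already grants to all code. The sample policies, paths and function names are constructed for illustration, and matching is exact (same class, target and action set), not a full `Permission.implies()` evaluation.

```python
import re

# Constructed sample: the application server's own policy.
BASELINE = '''
grant {
    permission java.net.SocketPermission "localhost:1099", "connect,resolve";
};
grant codeBase "file:${server.home}/lib/-" {
    permission java.security.AllPermission;
};
'''
# Constructed sample: generator output for one application.
GENERATED = '''
grant codeBase "file:/opt/apps/shop.ear/-" {
    // needed for the JNDI lookup
    permission java.net.SocketPermission "localhost:1099", "resolve, connect";
    permission java.io.FilePermission "/var/shop/uploads/-", "read,write";
    permission java.security.AllPermission;
};
'''
# The grant head may hold quoted strings that contain braces, e.g. "${server.home}".
GRANT_RE = re.compile(r'\bgrant\b(?P<head>(?:"[^"]*"|[^{"])*)\{(?P<body>.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+(?P<cls>[\w.$]+)(?:\s+"(?P<name>[^"]*)")?'
                     r'(?:\s*,\s*"(?P<actions>[^"]*)")?(?:\s*,\s*signedBy\s+"[^"]*")?\s*;')

def parse_policy(text):
    # Returns [(grant_head, [(class, target, action_set), ...]), ...].
    # Comments are dropped, but quoted strings are kept ("file:/lib/*" is not a comment).
    text = re.sub(r'"[^"]*"|/\*.*?\*/|//[^\n]*',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else '', text, flags=re.S)
    grants = []
    for g in GRANT_RE.finditer(text):
        perms = []
        for p in PERM_RE.finditer(g.group('body')):
            acts = frozenset(a.strip().lower()
                             for a in (p.group('actions') or '').split(',') if a.strip())
            perms.append((p.group('cls'), p.group('name') or '', acts))
        grants.append((g.group('head').strip(), perms))
    return grants

def split_redundant(generated, baseline):
    # Only baseline grants with an empty head (no codeBase, signedBy or principal)
    # apply to all code; scoped grants never make an application's entry redundant.
    global_perms = {p for head, perms in parse_policy(baseline) if not head for p in perms}
    needed, redundant = [], []
    for head, perms in parse_policy(generated):
        for p in perms:
            (redundant if p in global_perms else needed).append((head, p))
    return needed, redundant
```

Entries reported as redundant can be dropped from the application's policy file; everything in `needed` still deserves review, since the `AllPermission` line in the sample stays there only because the server grants it to its own libraries, not to all code.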