By default, Java applications have no security restrictions
placed on activities requested of the Java API. To use Java security
to protect a Java application from performing potentially unsafe actions,
you can enable a security manager for the JVM in which the application
runs.
About this task
The security manager enforces a security policy, which
is a set of permissions (system access privileges) that are assigned
to code sources. A default policy file is supplied with the Java platform.
However, to enable Java applications to run successfully in CICS when
Java security is active, you must specify an additional policy file
that gives CICS the permissions it requires to run the application.
You must specify this additional policy file for each kind of
JVM that has a security manager enabled. CICS provides some examples
that you can use to create your own policies.
Notes:
- The OSGi security agent example creates an OSGi middleware bundle
called com.ibm.cics.server.examples.security in
your project that contains a security profile. This profile applies
to all OSGi bundles in the framework in which it is installed.
- The example.permissions file contains permissions
that are specific to running applications in a JVM server, including
a check to ensure that applications do not use the System.exit() method.
- CICS must have read and execute access to the directory in zFS
where you deploy the OSGi bundle.
For applications that run in the OSGi framework of
a JVM server:
Procedure
- Create a plug-in project in the CICS Explorer® SDK and select the supplied OSGi security agent example.
- In the project, select the example.permissions file to edit the permissions for your security policy.
- Deploy the OSGi bundle to a suitable directory in zFS.
- Edit the JVM profile for the JVM server to add the OSGi
bundle to the OSGI_BUNDLES option before any other
bundles:
  OSGI_BUNDLES=/u/bundles/com.ibm.cics.server.examples.security_1.0.0.jar,/usr/lpp/cicsts42/lib/com.ibm.cics.db2.jcc.jar
- Add the following Java environment variable to
the JVM profile to enable security in the OSGi framework:
  org.osgi.framework.security=osgi
- Save your changes and enable the JVMSERVER resource to
install the middleware bundle in the JVM server.
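The two JVM profile settings from this procedure can be checked before the JVMSERVER resource is enabled. The following shell function is an added example, not CICS-supplied code: check_profile and the sample profiles are hypothetical, each setting is assumed to sit on a single line, and an optional -D prefix on the property is accepted as an assumption.

```shell
#!/bin/sh
# Added example (not CICS-supplied code). check_profile is a hypothetical helper.
# Assumption: each setting is on one line; an optional -D prefix is accepted.
SECURITY_BUNDLE='com.ibm.cics.server.examples.security'

# Reads a JVM profile on stdin, prints findings, and returns 0 only if both
# settings from the procedure are in place.
check_profile() {
    awk -v agent="$SECURITY_BUNDLE" '
        /^[ \t]*#/ { next }                        # ignore comment lines
        /^[ \t]*OSGI_BUNDLES[ \t]*=/ {
            value = $0; sub(/^[^=]*=[ \t]*/, "", value)
            split(value, bundles, ",")
            first = bundles[1]; sub(/^.*\//, "", first)   # file name of first entry
            seen = 1
            first_ok = (index(first, agent "_") == 1)
        }
        /^[ \t]*(-D)?org\.osgi\.framework\.security[ \t]*=/ {
            value = $0; sub(/^[^=]*=[ \t]*/, "", value)
            sub(/[ \t\r]+$/, "", value)
            sec_ok = (value == "osgi")
        }
        END {
            if (!seen) { print "FAIL: OSGI_BUNDLES is not set" }
            else if (!first_ok) { print "FAIL: " agent " is not first in OSGI_BUNDLES" }
            if (!sec_ok) { print "FAIL: org.osgi.framework.security=osgi is not set" }
            if (first_ok && sec_ok) { print "OK"; exit 0 }
            exit 1
        }'
}

# Constructed sample profiles that reuse the paths shown in the procedure.
GOOD_PROFILE='OSGI_BUNDLES=/u/bundles/com.ibm.cics.server.examples.security_1.0.0.jar,/usr/lpp/cicsts42/lib/com.ibm.cics.db2.jcc.jar
org.osgi.framework.security=osgi'
BAD_PROFILE='OSGI_BUNDLES=/usr/lpp/cicsts42/lib/com.ibm.cics.db2.jcc.jar,/u/bundles/com.ibm.cics.server.examples.security_1.0.0.jar
# org.osgi.framework.security=osgi'

printf '%s\n' "$GOOD_PROFILE" | check_profile || true
printf '%s\n' "$BAD_PROFILE" | check_profile || true
```

To check a real profile, redirect the profile file to the function's standard input.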
Results
When the Java application is called, the JVM determines the
code source for the class and consults the security policy before
granting the class the appropriate permissions.