Configuring static policy files

Before you begin

Java 2 security uses several policy files to determine the granted permission for each Java program. See the Java 2 security policy files article for the list of available policy files supported by WebSphere Application Server Version 5.

There are two types of policy files supported by WebSphere Application Server Version 5, dynamic policy files and static policy files. Static policy files provide the default permissions. Dynamic policy files provide application's permissions.

Policy file name Description
java.policy Contains default permissions for all of the Java programs on the node. This file seldom changes.
server.policy Contains default permissions for all of the WebSphere Application Server programs on the node. This files is rarely updated.
client.policy Contains default permissions for all of the applets and client containers on the node.


The static policy file is not a configuration file managed by the repository and the file replication service. Changes to this file are local and do not get replicated to the other machine.

Steps for this task

  1. Identify the policy file to update.
  2. Stop and restart the WebSphere Application Server.

Results

The required permission is granted for all of the Java programs running with the restarted JVM.

Example

java.security.AccessControlException: access denied (java.io.FilePermission 
C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)

When a Java program receives this exception and adding this permission is justified, add a permission to an adequate policy file, for example:

grant codeBase "file:<user client installed location>" {
  permission java.io.FilePermission 
  "C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar", 
  "read";
};
To decide whether to add a permission, refer to AccessControlException.


Related concepts
Java 2 security policy files
Java 2 security policy files
AccessControlException
Related tasks
Configuring Java 2 security
Using PolicyTool to edit policy files
Related reference
Java 2 security



Searchable topic ID:   tsecstaticpolicy
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tsec_staticpolicy.html

Library | Support | Terms of Use | Feedback