Users can configure Java 2 security policy files so that the required permission is granted for the specified WebSphere Application Server enterprise application.
Policy file name | Description |
---|---|
app.policy | Contains default permissions for all of the enterprise applications in the cell. Note: Updates to the app.policy file only apply to the enterprise applications on the node to which the app.policy file belongs. |
was.policy | Contains application-specific permissions for a WebSphere Application Server enterprise application. This file is packaged in an enterprise archive (EAR) file. |
ra.xml | Contains connector application-specific permissions for a WebSphere Application Server enterprise application. This file is packaged in a resource adapter archive (RAR) file. |
spi.policy | Contains permissions for Service Provider Interface (SPI) or third-party resources that are embedded in WebSphere Application Server. The default contents grant everything. Update this file carefully when the cell requires more protection against SPI in the cell. This file is applied to all of the SPIs that are defined in the resources.xml file. |
library.policy | Contains permissions for the shared library of enterprise applications. |
filter.policy | Contains the list of permissions that require filtering from the was.policy file and the app.policy file in the cell. This filtering mechanism only applies to the was.policy and app.policy files. |
grant codeBase "file:${application}" {
  permission java.lang.RuntimePermission "stopThread";
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "modifyThreadGroup";
};

If a WebSphere Application Server enterprise application in a cell requires permissions, some of the dynamic policy files need updating. The symptom of a missing permission is a java.security.AccessControlException exception. The missing permission is listed in the exception data.
java.security.AccessControlException: access denied (java.io.FilePermission C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)
The previous two lines were split onto two lines because of the width of the page. Enter the permission on one line.
When a Java program receives this exception and adding this permission is justified, add the permission to the appropriate dynamic policy file.

grant codeBase "file:user_client_installed_location" {
  permission java.io.FilePermission "C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar", "read";
};
The previous permission information lines were split onto more than one line because of their length. Enter the permission on one line.
To decide whether to add a permission, refer to the Access control exception topic.
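As an added example (not IBM's code and not part of the original page), the Python sketch below turns AccessControlException lines like the one above into a candidate grant entry and withholds permissions that sit on a review list. The function names, the review list and the sample log lines are assumptions constructed for illustration; targets are copied verbatim from the exception text, as the page does.

```python
import re

# Permission classes whose exception text ends with an actions field.
WITH_ACTIONS = {"java.io.FilePermission", "java.net.SocketPermission",
                "java.util.PropertyPermission"}
# Illustrative review list (an assumption, not the contents of filter.policy).
NEEDS_REVIEW = {("java.security.AllPermission", None),
                ("java.lang.RuntimePermission", "exitVM"),
                ("java.lang.RuntimePermission", "setSecurityManager")}
DENIED = re.compile(r"AccessControlException: access denied \((.*)\)\s*$")

SAMPLE_LOG = [  # constructed input; the first line is the exception shown above
    r"java.security.AccessControlException: access denied (java.io.FilePermission"
    r" C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)",
    'java.security.AccessControlException: access denied '
    '("java.lang.RuntimePermission" "modifyThread")',
    "java.security.AccessControlException: access denied (java.lang.RuntimePermission exitVM)",
    "[constructed] servlet init complete",
]

def parse_denial(line):
    """Return (class, target, actions) from one exception line, or None."""
    m = DENIED.search(line)
    if not m:
        return None
    body = m.group(1)
    if '"' in body:                      # newer JVMs quote every field
        parts = re.findall(r'"([^"]*)"', body)
    else:                                # unquoted form, as in the page's example
        cls, _, rest = body.partition(" ")
        if cls in WITH_ACTIONS and " " in rest:
            parts = [cls] + rest.rsplit(" ", 1)
        else:
            parts = [cls] + ([rest] if rest else [])
    return tuple((parts + [None] * 3)[:3])

def needs_review(denial):
    cls, target, _ = denial
    return (cls, None) in NEEDS_REVIEW or (cls, target) in NEEDS_REVIEW

def grant_block(code_base, denials):
    """Build one grant entry, dropping duplicates and review-listed permissions."""
    lines = []
    for cls, target, actions in dict.fromkeys(denials):
        if needs_review((cls, target, actions)):
            continue
        fields = ", ".join(f'"{v}"' for v in (target, actions) if v)
        lines.append(f"  permission {cls} {fields}".rstrip() + ";")
    return f'grant codeBase "{code_base}" {{\n' + "\n".join(lines) + "\n};"
```

The output of grant_block is a draft for a reviewer to justify line by line before it goes into a dynamic policy file, not something to apply automatically.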