Why and when to perform this task
Java 2 security uses several policy files to determine the granted permission for each Java program. See Java 2 security policy files for the list of available policy files supported by WebSphere Application Server Version 6.0.x. The server.policy file is a default policy file shared by all of the WebSphere servers on a node. The server.policy file is not a configuration file managed by the repository and the file replication service. Changes to this file are local and do not replicate to the other machine.Step for this task
Result
An updated server.policy file is applied to all the server programs on the local node. Restart the servers for the updates to take effect.Example
If you want to add permissions to an application, use the app.policy file and the was.policy file.
server.policyinstall_root/properties/server.policy// Allow to use sun tools
grant codeBase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
// WebSphere system classes
grant codeBase "file:${was.install.root}/lib/-" {
permission java.security.AllPermission;
};
grant codeBase "file:${was.install.root}/classes/-" {
permission java.security.AllPermission;
};
// Allow the WebSphere deploy tool all permissions
grant codeBase "file:${was.install.root}/deploytool/-" {
permission java.security.AllPermission;
};
java.security.AccessControlException: access denied (java.io.FilePermission C:\WebSphere\AppServer\java\jre\lib\ext\mail-impl.jar read)
The previous two lines are split into two lines for illustrative purposes only.
grant codeBase "file:user_client_installed_location" { permission java.io.FilePermission "C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar", "read"; };
To decide whether to add a permission, refer to Access control exception.
What to do next
Restart all of the Java processes for the updated server.policy file to take effect.Related concepts
Java 2 security policy files
Access control exception
Related tasks
Migrating security configurations from previous releases
Configuring app.policy files
Configuring client.policy files
Configuring filter.policy files
Configuring java.policy files
Using Policy Tool to edit policy files