By configuring the static policy files, the required permission
will be granted for all of the Java programs.
Before you begin
Java 2 security uses several policy files to determine the granted
permission for each Java program.
Two
types of policy files are supported by WebSphere Application Server: dynamic
policy files and static policy files. Static policy files provide the default
permissions. Dynamic policy files provide application permissions.
Policy file name |
Description |
java.policy |
Contains default permissions for all of
the Java programs on the node. This file seldom changes. |
server.policy |
Contains default permissions for all of
the WebSphere Application Server programs on the node. This file is rarely
updated. |
client.policy |
Contains default permissions for all of
the applets and client containers on the node. |
The static policy file is not a configuration file that is managed
by the repository and the file replication service. Changes to this file are
local and do not get replicated to the other machine.
Example
If Java programs on a node require permissions, the policy file
needs updating. If the Java program that required the permission is not part
of an enterprise application, update the static policy file. The missing permission
results in the creation of the java.security.AccessControlException exception.
The missing permission is listed in the exception data.
For
example:
java.security.AccessControlException: access denied (java.io.FilePermission
C:/WAS_HOME/lib/mail-impl.jar read)
When
a Java program receives this exception and adding this permission is justified,
add a permission to an adequate policy file.
For
example:
grant codeBase "file:user_client_installed_location" {
permission java.io.FilePermission
"C:/WAS_HOME/lib/mail-impl.jar",
"read";
};