WebSphere Application Server Network Deployment, Version 6.0.x   Operating Systems: AIX, HP-UX, Linux, Solaris, Windows
             [TIP: Focusing the table of contents and search results]

Configuring static policy files

By configuring the static policy files, the required permission will be granted for all of the Java programs.

Before you begin

Java 2 security uses several policy files to determine the granted permission for each Java program.
Two types of policy files are supported by WebSphere Application Server: dynamic policy files and static policy files. Static policy files provide the default permissions. Dynamic policy files provide application permissions.
Policy file name Description
java.policy Contains default permissions for all of the Java programs on the node. This file seldom changes.
server.policy Contains default permissions for all of the WebSphere Application Server programs on the node. This file is rarely updated.
client.policy Contains default permissions for all of the applets and client containers on the node.
The static policy file is not a configuration file that is managed by the repository and the file replication service. Changes to this file are local and do not get replicated to the other machine.

Procedure

  1. Identify the policy file to update.
  2. Stop and restart WebSphere Application Server.

Results

The required permission is granted for all of the Java programs that run with the restarted JVM.

Example

If Java programs on a node require permissions, the policy file needs updating. If the Java program that required the permission is not part of an enterprise application, update the static policy file. The missing permission results in the creation of the java.security.AccessControlException exception. The missing permission is listed in the exception data.
For example:
java.security.AccessControlException: access denied (java.io.FilePermission 
C:/WAS_HOME/lib/mail-impl.jar read)

When a Java program receives this exception and adding this permission is justified, add a permission to an adequate policy file.

For example:
grant codeBase "file:user_client_installed_location" {
  permission java.io.FilePermission 
  "C:/WAS_HOME/lib/mail-impl.jar", 
  "read";
};



Sub-topics
java.policy file permissions
server.policy file permissions
client.policy file permissions
Related tasks
Using PolicyTool to edit policy files
Protecting system resources and APIs (Java 2 security)
Task topic    

Terms of Use | Feedback

Last updated: Mar 8, 2007 8:14:28 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_staticpolicy.html

© Copyright IBM Corporation 2002, 2006. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)