By configuring the static policy files, the required permission
will be granted for all of the Java programs.
Before you begin
Java 2 security uses several policy files to determine the granted permission for each Java program.
See the topic about Java 2 security policy files for the list of available policy files
that are supported by WebSphere® Application Server.
Two types of policy files are supported by WebSphere Application Server: dynamic policy
files and static policy files. Static policy files provide the default
permissions. Dynamic policy files provide application permissions.
Table 1. Policy Files. This table lists the policy files.

| Policy file name | Description |
| --- | --- |
| java.policy | Contains default permissions for all of the Java programs on the node. This file seldom changes. |
| server.policy | Contains default permissions for all of the WebSphere Application Server programs on the node. This file is rarely updated. |
| client.policy | Contains default permissions for all of the applets and client containers on the node. |

The static policy file is not a configuration file that is
managed by the repository and the file replication service. Changes
to this file are local and are not replicated to other machines.
Procedure
- Identify the policy file to update.
- Stop and restart WebSphere Application Server.
Results
The required permission is granted for all of the Java programs that run with the
restarted JVM.
Example
If Java programs on a node require permissions, the policy file needs updating.
If the Java program that requires the permission is not part of an enterprise
application, update the static policy file. A missing permission causes a
java.security.AccessControlException exception. The missing permission is
listed in the exception data.
[IBM i] For example:

```
java.security.AccessControlException: access denied (java.io.FilePermission app_server_root/lib/mail-impl.jar read)
```

When a Java program receives this exception and adding this permission is
justified, add the permission to the appropriate policy file.
[IBM i] For example:

```
grant codeBase "file:user_client_installed_location" {
  permission java.io.FilePermission
    "app_server_root/Base/lib/mail-impl.jar",
    "read";
};
```

To decide whether to add a permission, refer to Access control exception for Java 2 security.
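
The following Python helper is an added example, not part of the IBM documentation: it extracts the missing permissions from AccessControlException messages in a log and drafts the matching grant entries, leaving overly broad ones commented out for manual review. It goes beyond the single case above by also accepting the quoted message form that newer JVMs print. The function names and the sample log are constructed for illustration, and the codeBase value is the placeholder used on this page.

```python
import re

# Constructed sample log. The first entry is the message shown on this page
# (wrapped as a log might wrap it); the rest use the quoted form of newer JVMs.
SAMPLE_LOG = '''
java.security.AccessControlException: access denied (java.io.FilePermission
app_server_root/lib/mail-impl.jar read)
java.security.AccessControlException: access denied ("java.io.FilePermission" "app_server_root/lib/mail-impl.jar" "read")
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
java.security.AccessControlException: access denied ("java.io.FilePermission" "<<ALL FILES>>" "read")
'''

DENIED = re.compile(r"AccessControlException: access denied \(([^)]*)\)")

def parse_denials(log_text):
    """Return unique (class, target, actions) tuples in first-seen order."""
    flat = " ".join(log_text.split())  # undo line wrapping inside messages
    seen = []
    for body in DENIED.findall(flat):
        # Quoted form if quotes are present, otherwise whitespace-separated.
        parts = re.findall(r'"([^"]*)"', body) or body.split()
        denial = tuple((parts + ["", ""])[:3])
        if denial not in seen:
            seen.append(denial)
    return seen

def is_broad(cls, target):
    """Flag grants that cover far more than the one denied resource."""
    return (cls == "java.security.AllPermission"
            or target in ("<<ALL FILES>>", "*", "-")
            or target.endswith(("/*", "/-")))

def render_grant(code_base, denials):
    """Draft a grant block; broad entries stay commented out for review."""
    lines = ['grant codeBase "%s" {' % code_base]
    for cls, target, actions in denials:
        entry = "permission " + cls
        if target:
            entry += ' "%s"' % target
        if actions:
            entry += ', "%s"' % actions
        prefix = "  // REVIEW (broad): " if is_broad(cls, target) else "  "
        lines.append(prefix + entry + ";")
    lines.append("};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_grant("file:user_client_installed_location",
                       parse_denials(SAMPLE_LOG)))
```

The output is a draft for review only; each entry still needs the justification check described above before it goes into a static policy file.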