When converting an enterprise archive (EAR) file to an enterprise bundle archive (EBA) file, you can have any Java™ 2 security settings converted automatically to OSGi, and then manually refine them to obtain the required OSGi security configuration.
In an enterprise application, the was.policy file defines Java 2 security permissions. In the was.policy file, you declare fine-grained security settings by using grant codeBase statements to grant permissions to application components.
In an OSGi application, permissions that define application-level security are specified in a permissions.perm file in the META-INF directory of the OSGi application. However, you can, in addition to the application-level permissions.perm file, create a permissions.perm file in the OSGI-INF directory of each bundle, to define finer-grained bundle-level access control.
When your Java 2 security settings in the was.policy are converted automatically, a permissions.perm file is created for you in the META-INF directory of the OSGi application. However, the automatic conversion process ignores grant codeBase statements, so that all the permissions in the was.policy file are copied to the permissions.perm file as application-level permissions. Therefore, you should, after conversion, review the permission settings in the permissions.perm file and move permissions to bundle-specific permissions.perm files as necessary.