Before you begin
Java 2 security uses several policy files to determine the permissions for each Java programs. See the Java 2 security policy files topic for the list of available policy files that are supported by WebSphere Application Server.Policy file name | Description |
---|---|
app.policy | Contains default permissions for all of the enterprise applications in the cell. |
was.policy | Contains application-specific permissions for an WebSphere Application Server enterprise application. This file is packaged in an enterprise archive (EAR) file. |
ra.xml | Contains connector application specific permissions for a WebSphere Application Server enterprise application. This file is packaged in a resource adapter archive (RAR) file. |
spi.policy | Contains permissions for Service Provider Interface (SPI) or third-party resources that are embedded in WebSphere Application Server. The default contents grant everything. Update this file carefully when the cell requires more protection against SPI in the cell. This file is applied to all of the SPIs that are defined in the resources.xml file. |
library.policy | Contains permissions for the shared library of enterprise applications. |
filter.policy | Contains the list of permissions that require filtering from the was.policy file and the app.policy file in the cell. This filtering mechanism only applies to the was.policy and app.policy files. |
grant codeBase "file:${application}" {
permission java.lang.RuntimePermission "stopThread";
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
};
Steps for this task
Add any permission that you never want granted to the WebSphere Application Server enterprise application in the cell to the filter.policy file. Refer to Configuring filter.policy files.
Result
The required permission is granted for the specified WebSphere Application Server enterprise application.Example
java.security.AccessControlException: access denied (java.io.FilePermission
C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)
The previous two lines were split onto two lines because of the width of the page. Enter the permission on one line.
grant codeBase "file:user_client_installed_location" {
permission java.io.FilePermission
"C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar", "read";
};
The previous two lines were split onto two lines because of the width of the page. Enter the permission on one line.
To decide whether to add a permission, refer to the Access control exception topic.
Related concepts
Java 2 security policy files
Access control exception
Related tasks
Migrating, coexisting, and interoperating – Security considerations
Configuring static policy files
Protecting system resources and APIs (Java 2 security)
Related reference
Java 2 security