Configure static policy files

Configure static policy files

Before you begin
Java 2 security uses several policy files to determine the granted permission for each Java program. See the Java 2 security policy files article for the list of available policy files supported by WAS V6.
There are two types of policy files supported by WAS Version 6, dynamic policy files and static policy files. Static policy files provide the default permissions. Dynamic policy files provide application's permissions.

Policy file name Description

java.policy Contains default permissions for all of the Java programs on the node. This file seldom changes.
server.policy Contains default permissions for all of the WAS programs on the node. This files is rarely updated.
client.policy Contains default permissions for all of the applets and client containers on the node.
The static policy file is not a configuration file managed by the repository and the file replication service. Changes to this file are local and do not get replicated to the other machine.

Procedure

Identify the policy file to update.

If the permission is required only by an application, update the dynamic policy file. Refer to Configuring Java 2 security policy files.
If the permission is required only by applets and client containers, update the client.policy file. Refer to Configuring client.policy files.
If the permission is required only by WebSphere Application Server (servers, agents, managers and application servers), update the server.policy file. Refer to Configuring server.policy files.
If the permission is required by all of the Java programs running on the Java virtual machine (JVM), update the java.policy file. Refer to Configuring java.policy files.

Stop and restart the WebSphere Application Server.

Result
The required permission is granted for all of the Java programs running with the restarted JVM.

Example

java.security.AccessControlException: access denied (java.io.FilePermission
C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)

When a Java program receives this exception and adding this permission is justified, add a permission to an adequate policy file, for example:
grant codeBase "file:<user client installed location>" {
permission java.io.FilePermission
"C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar",
"read";
}; To decide whether to add a permission, refer to Access control exception.

See also

Configuring java.policy files
Configuring server.policy files
Configuring client.policy files

See Also

Java 2 security policy files
Access control exception

Related Tasks

Configuring Java 2 security
Using PolicyTool to edit policy files

See Also

Java 2 security

Policy file name	Description
java.policy	Contains default permissions for all of the Java programs on the node. This file seldom changes.
server.policy	Contains default permissions for all of the WAS programs on the node. This files is rarely updated.
client.policy	Contains default permissions for all of the applets and client containers on the node.