Example: Enable Java 2 security prior to J2EE application client runtime initialization

Example: Enable Java 2 security prior to J2EE application client runtime initialization

To enable Java 2 security prior to J2EE application client runtime initialization, set the com.ibm.websphere.client.applicationclient.archivedir system property. Perform the following steps:

Set the system property to the directory that the Enterprise Archive (EAR) should be expanded. For example:

-Dcom.ibm.websphere.client.applicationclient.archivedir=/home/homedir (iSeries)

-Dcom.ibm.websphere.client.applicationclient.archivedir=c:\myear1 (Windows)

-Dcom.ibm.websphere.client.applicationclient.archivedir=/usr/mrear1 (Unix)

Set the java.security.policy system property to use the was_home/properties/client.policy file, where was_home is the installation path of your WAS. For example:

-Djava.security.policy=$was_home/properties/client.policy (iSeries or Unix)

-Djava.security.policy=%was_home%\properties\client.policy (Windows)

The following effects are incurred when the com.ibm.websphere.client.applicationclient.archivedir system property is set:

If the directory does not exist or if it is empty, the EAR file is extracted to the directory.

If the EAR file was previously extracted, it is reused. This occurs even if the EAR file specified on the command line is different from the previously extracted EAR file.

The security manager grants the permissions from the client.policy file to the directory and all subdirectories.

There are two types of EAR files. The first type of EAR file is a single file that contains all enterprise application files. The second type of EAR file is a set of directories and subdirectories.

The following applies only if you are using the single file EAR file form:

To update your EAR file, first delete the directory to which it was extracted.

The new EAR file is placed in the directory the next time it is extracted. If you do not delete the directory or change the system property value to point to a different temporary directory,the old EAR file is reused, and your new EAR file is not used.

When you specify the com.ibm.websphere.client.applicationclient.archivedir system property value, make sure that the directory you specify is unique for each EAR file that is used. For example, do not specify MyEar1.ear and MyEar2.ear to extract to the same directory.

You must create all directories up to, but not including, the last directory. For example, if the following was set:

com.ibm.websphere.client.applicationclient.archivedir=/usr/myears /myear1

then the usr and myears directories must exist, but the myear1 directory does not have to exist prior to running the launchClient class.