Configure the client.policy file

The client.policy file is a default policy file that is shared by all of the WebSphere Application Server client containers and applets on a node. The client.policy file is not a configuration file that is managed by the WebSphere configuration and file replication services. Changes to this file are local and are not replicated to other machines in the cell.

The client.policy file is located in the /QIBM/ProdData/WebAS5/product/properties directory, where product is Base or ND. It contains these default permissions:

  grant codeBase "file:${was.install.root}/java/extlib/*" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/java/extlib/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/java/tools/ibmtools.jar" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:/QIBM/ProdData/Java400/jdk13/lib/tools.jar" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/lib/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/classes/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${user.install.root}/installedConnectors/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${user.install.root}/installedApps/-" {
    permission java.awt.AWTPermission "accessClipboard";
    permission java.awt.AWTPermission "accessEventQueue";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    permission java.lang.RuntimePermission "exitVM";
    permission java.lang.RuntimePermission "loadLibrary";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.net.SocketPermission "*", "connect";
    permission java.net.SocketPermission "localhost:1024-", "accept,listen";
    permission java.io.FilePermission "*", "read,write";
    permission java.util.PropertyPermission "*", "read";
  };

  grant codeBase "file:${com.ibm.websphere.client.applicationclient.archivedir}/-" {
    permission java.awt.AWTPermission "accessClipboard";
    permission java.awt.AWTPermission "accessEventQueue";
    permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
    permission java.lang.RuntimePermission "exitVM";
    permission java.lang.RuntimePermission "loadLibrary";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.net.SocketPermission "*", "connect";
    permission java.net.SocketPermission "localhost:1024-", "accept,listen";
    permission java.io.FilePermission "*", "read,write";
    permission java.util.PropertyPermission "*", "read";
  };

  grant codeBase "file:/QIBM/ProdData/mqm/java/-" {
    permission java.security.AllPermission;
  };

If the default permissions for client are enough, no action is required. If a specific change is required to some of the client containers and applets on a node, modify the client.policy file with policytool. For more information, see Create and edit policy files with the policy tool.

After you have updated the client.policy file, close and restart the browser. You must also restart the client application.