Configure the server.policy file

The server.policy file is a default policy file that is shared by all of the WebSphere servers on a node. If the default permissions for the server are adequate, no action is required. If a specific change is required to some of the server programs on a node, update the server.policy file. If you want to add permissions to an application, use the app.policy and was.policy files.

If some server programs on a node require permissions that are not defined as defaults in the java.policy file and the server.policy file, use the policy tool to update the server.policy file. To decide whether to add a permission, see AccessControlException.

The server.policy file is not a configuration file that is managed by the WebSphere configuration and file replication service. Changes to this file are local and are not replicated to other machines in the cell.

The server.policy file is located in the /QIBM/ProdData/WebAS5/product/properties directory, where product is either Base or ND. It contains these default permissions:

  grant codeBase "file:${was.install.root}/java/extlib/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/java/tools/ibmtools.jar" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:/QIBM/ProdData/Java400/jdk13/lib/tools.jar" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/lib/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/classes/-" {
    permission java.security.AllPermission;
  };

  grant codeBase "file:${was.install.root}/deploytool/-" {
    permission java.security.AllPermission;
  };

Use the policy tool to modify the server.policy file. For more information, see Create and edit policy files with the policy tool.

After you have updated the server.policy file, restart all of the Java processes for the updated server.policy file to take effect.