Configure the spi.policy file

This file contains permissions for a service provider interface (SPI) or third-party resources that are embedded in WebSphere Application Server. Examples of SPIs are Java Messaging Service (JMS) and JDBC drivers. By default, the content of this file grants permission to everything. You may need to update this file when more permissions are required for SPI resources. However, use care when updating the file because its permissions are applied to all of the SPIs that are defined in resources.xml.

The union of the permissions that are contained in the java.policy file and spi.policy file are applied to the SPI libraries. The spi.policy file is managed by the WebSphere Application Server configuration and file replication services, so changes to this file are replicated to other nodes in the Network Deployment cell.

The WebSphere Application Server spi.policy file is located in the /QIBM/UserData/WebAS5/product/instance/config/cells/cell/nodes/node directory, where product is Base or ND, instance is the name of your instance, cell is the name of your cell, and node is the name of your node.

The default spi.policy file contains the following default permission:

  grant {
    permission java.security.AllPermission;
  };

For the updated spi.policy file to take effect, restart all related Java processes.