Java 2 security with WebSphere Portal

 


 

Java 2 (J2SE) security provides a policy-based, fine-grained access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. J2SE security allows you to set up individual policy files that control the privileges assigned to individual code sources. If code does not have the required permissions and still tries to execute a protected operation, the Java Access Controller throws a corresponding security exception.

The syntax and semantics of the policy files are defined in the Java Language Specification. WebSphere Application Server (WAS) uses a specific set of policy files to set up Java 2 Security. The following table lists the policy files and their protection scope:

| Default location and policy file | Protection scope |
| --- | --- |
| AppServer_root/java/jre/java.policy | Root policy file that contains permissions for all the processes launched by WAS. |
| WP_PROFILE/properties/server.policy | Grants default permissions to all product servers. |
| WP_PROFILE/properties/client.policy | Grants default permissions for all WebSphere Portal client containers and applets on a node. |
| WP_PROFILE/cells/cell/nodes/node/spi.policy | For the Service Provider Interface or third-party resources embedded in portal. Default permission is java.security.AllPermission. |
| WP_PROFILE/cells/cell/nodes/node/library.policy | Grants default permissions (empty) to code contained in the shared library to use in multiple product applications. |
| WP_PROFILE/cells/cell/nodes/node/app.policy | Grants default permissions to all enterprise applications running on this node in this cell. |
| WP_PROFILE/cells/cell/applications/ear_file_name/deployments/appname/META-INF/was.policy | Assigns permissions to a specific enterprise application. |
| WP_PROFILE/rar_filename/META-INF/was.policy.RAR | Permission specification defined in the ra.xml file. The ra.xml file is embedded in the RAR file. |

All WebSphere Portal code has the java.security.AllPermission specified in the server.policy file and all was.policy files that ship with WebSphere Portal. doPrivileged() calls are introduced into the portlet API to provide a portlet sandbox.
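Because these files grant java.security.AllPermission so broadly, it helps to see exactly which code sources receive it when reviewing a deployment. The following is an added example, not IBM code: a small policy-file parser that lists the grant entries carrying AllPermission. The sample policy text and the function names are constructed for illustration.

```python
import re

# Strings are matched first, so "//" inside a quoted codeBase URL is not a comment.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/|[{};,]|[^\s{};,"]+', re.S)

def parse_policy(text):
    """Return [(codebase or None, [permission class names])], one per grant entry."""
    tokens = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    grants, i = [], 0
    while i < len(tokens):
        if tokens[i].lower() != "grant":          # policy keywords are case-insensitive
            i += 1
            continue
        codebase, perms = None, []
        i += 1
        while i < len(tokens) and tokens[i] != "{":   # grant header
            if tokens[i].lower() == "codebase" and i + 1 < len(tokens):
                codebase = tokens[i + 1].strip('"')
            i += 1
        while i < len(tokens) and tokens[i] != "}":   # permission entries
            if tokens[i].lower() == "permission" and i + 1 < len(tokens):
                perms.append(tokens[i + 1])
            i += 1
        grants.append((codebase, perms))
    return grants

def find_all_permission(text):
    """Code sources granted AllPermission; a grant with no codeBase covers all code."""
    return [cb or "<all code>" for cb, perms in parse_policy(text)
            if "java.security.AllPermission" in perms]

# Constructed sample in policy-file syntax (not taken from a real installation).
SAMPLE_POLICY = r"""
// application-wide grant
grant codeBase "file:${application}" {
  permission java.security.AllPermission;
};
grant codeBase "file:/opt/shared/lib/-" {
  /* read-only access to one directory */
  permission java.io.FilePermission "${user.install.root}${/}logs${/}-", "read";
  permission java.util.PropertyPermission "user.dir", "read";
};
grant {
  permission java.security.AllPermission;
};
"""

if __name__ == "__main__":
    for source in find_all_permission(SAMPLE_POLICY):
        print("AllPermission granted to:", source)
```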

 
