Portal, Express Beta Version 6.1
Operating systems: i5/OS, Linux,Windows
|
Portal, Express Beta Version 6.1
Operating systems: i5/OS, Linux,Windows |
Java 2 (J2SE) security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. J2SE security allows you to set up individual policy files that control the privileges assigned to individual code sources. If the code does not have the required permissions and still tries to execute a protected operation, a corresponding security exception will be thrown by the Java Access Controller.
Policy files assign individual permissions to individual code sources. The syntax and semantics of the policy files are defined in the Java Language Specification. WebSphere Application Server uses a specific set of policy files to set up Java 2 Security. The following table contains information on the policy files and their protection scope:| Default location and policy file | Protection scope |
|---|---|
| AppServer_root/java/jre/lib/security/java.policy | This is the root policy file that contains permissions for all the processes launched by WebSphere Application Server. |
| wp_profile_rootproperties/server.policy | This policy file grants default permissions to all product servers. |
| wp_profile_rootproperties/client.policy | This policy file grants default permissions for all of the product client containers and applets on a node. |
| wp_profile_rootconfig/cells/cell_name/nodes/node_name/spi.policy | This template is for the Service Provider Interface (SPI) or the third party resources that are embedded in the product. The default permission is java.security.AllPermissions. |
| wp_profile_rootconfig/cells/cell_name/nodes/node_name/library.policy | This policy grants default permissions (empty) to code contained in the shared library (Java library classes) to use in multiple product applications. |
| wp_profile_rootconfig/cells/cell_name/nodes/node_name/app.policy | This policy grants default permissions to all enterprise applications running on this node in this cell. |
| wp_profile_rootconfig/cells/cell_name/applications/ear_file_name/deployments/application_name/META-INF/was.policy | This policy assigns permissions to a specific enterprise application, imbedded within EAR:/META-INF/was.policy. |
| wp_profile_rootrar_filename/META-INF/was.policy.RAR | This file can have a permission specification that is defined in the ra.xml file. The ra.xml file is embedded in the RAR file. |
All WebSphere Portal Express code has the java.security.AllPermission specified in the server.policy file and all was.policy files that ship with the product. doPrivileged() calls are introduced into the portlet API to provide a portlet sandbox.
Parent topic: Security and authentication considerations Java 2 Security
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_rsecmgr2.html
Java 2 Platform Securityhttp://java.sun.com/j2se/1.3/docs/guide/security/index.html
