Configure static policy files

Java 2 security uses several policy files to determine the permissions granted to each Java program. See the Dynamic Policy article for the list of policy files supported by WAS v5.

WAS v5 supports two types of policy files: dynamic policy files and static policy files. Static policy files provide the default permissions. Dynamic policy files provide an application's permissions.

Policy file name   Description
java.policy        Contains default permissions for all of the Java programs on the node. This file seldom changes.
server.policy      Contains default permissions for all of the WAS programs on the node. This file is rarely updated.
client.policy      Contains default permissions for all of the applets and client containers on the node.

A static policy file is not a configuration file managed by the repository and the file replication service. Changes to this file are local and are not replicated to other machines.

  1. Identify the policy file to update.

    • If the permission is required only by an application, update the dynamic policy file. Refer to Configuring Java 2 security policy files.

    • If the permission is required only by applets and client containers, update the client.policy file.

    • If the permission is required only by WAS (servers, agents, managers and appservers), update the server.policy file.

    • If the permission is required by all of the Java programs running on the Java Virtual Machine (JVM), update the java.policy file.

  2. Stop and restart the WAS.

The required permission is granted for all of the Java programs running with the cycled JVM.

 

Usage Scenario

java.security.AccessControlException: access denied  java.io.FilePermission(
C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)

When a Java program receives this exception and adding this permission is justified, add the permission to the appropriate policy file, for example:

// Backslash is the escape character in policy files, so each Windows path separator is doubled.
grant codeBase "file:<user client installed location>" {
  permission java.io.FilePermission "C:\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\mail.jar", "read";
};

To decide whether to add a permission, refer to AccessControlException.
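
The following Python helper is an added example, not part of the WebSphere documentation. It turns AccessControlException messages like the one above into a candidate grant entry with backslashes doubled, and holds back broad or unquotable permissions for manual review. The function names, the review rule and the assumption that messages use the unquoted wording shown above are this example's own.

```python
import re

# Unquoted JDK wording: "access denied (<class> <target> [<actions>])"; the
# sample on this page puts the class name before the "(" instead. Accept both.
DENIED = re.compile(r"access denied\s*\(?\s*([\w.$]+)\s*\(?\s*(.*)\)\s*$")

# Permission classes whose last message token is an action list.
WITH_ACTIONS = {"java.io.FilePermission", "java.net.SocketPermission",
                "java.util.PropertyPermission"}

# The message from this page, with its line wrap kept.
PAGE_MESSAGE = ("java.security.AccessControlException: access denied  "
                "java.io.FilePermission(\n"
                r"C:\WebSphere\AppServer\java\jre\lib\ext\mail.jar read)")

def parse_denial(message):
    """Return (class, target, actions) from one exception message, or None."""
    m = DENIED.search(" ".join(message.split()))  # rejoin wrapped lines
    if not m:
        return None
    cls, rest = m.group(1), m.group(2).strip()
    if cls in WITH_ACTIONS and " " in rest:
        target, actions = rest.rsplit(" ", 1)
        return cls, target, actions
    return cls, rest, None

def quote(value):
    """Quote for a policy file, where backslash is the escape character."""
    return '"' + value.replace("\\", "\\\\") + '"'

def grant_entry(code_base, messages):
    """Build one grant entry for code_base; return (text, needs_review)."""
    lines, needs_review = [], []
    for msg in messages:
        parsed = parse_denial(msg)
        if parsed is None:
            continue
        cls, target, actions = parsed
        # Example policy: never auto-add blanket grants or unquotable targets.
        broad = cls == "java.security.AllPermission" or target == "<<ALL FILES>>"
        if broad or '"' in target:
            needs_review.append(msg)
            continue
        line = "  permission %s %s" % (cls, quote(target))
        line += (", " + quote(actions) if actions else "") + ";"
        if line not in lines:
            lines.append(line)
    text = "grant codeBase %s {\n%s\n};" % (quote(code_base), "\n".join(lines))
    return text, needs_review
```

The code_base argument is supplied by the caller, because the exception message does not say which code base was denied.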

 

See Also

Java 2 security policy files
AccessControlException
Configuring Java 2 security
Using PolicyTool to edit policy files
Java 2 security