Java 2 Security

Java 2 security with WebSphere Portal

Java 2 (J2SE) security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. J2SE security allows you to set up individual policy files that control the privileges assigned to individual code sources. If the code does not have the required permissions and still tries to execute a protected operation, the Java Access Controller will throw a corresponding security exception. Policy files assign individual permissions to individual code sources.
The syntax and semantics of the policy files are defined in the Java Language Specification. WAS uses a specific set of policy files to set up Java 2 Security.
Policy file Protection scope
AppServer_root/java/jre/lib/security/java.policy Root policy file containing permissions for all the processes launched by WAS.
profile_root/properties/server.policy Grants default permissions to all product servers.
profile_root/properties/client.policy Grants default permissions for all of the product client containers and applets on a node.
profile_root/config/cells/cell/nodes/node/spi.policy Template is for the Service Provider Interface (SPI) or the third party resources embedded in the product. The default permission is...

java.security.AllPermissions

profile_root/config/cells/cell/nodes/node/library.policy Grants default permissions (empty) to code contained in the shared library (Java library classes) to use in multiple product applications.
profile_root/config/cells/cell/nodes/node/app.policy Grants default permissions to all enterprise applications running on this node in this cell.
profile_root/config/cells/cell/applications/earfile/deployments/appname/META-INF/was.policy Assign permissions to a specific enterprise application, imbedded within...

EAR:/META-INF/was.policy

rar_filename/META-INF/was.policy.rar Permission specification defined in ra.xml, which is embedded in the RAR file.

All code artifacts, installed with the WebSphere Portal product, run with java.security.AllPermission specified either in the server.policy file for the portal shared libraries or in the individual was.policy files for the individual portlets.
Portlets that are installed on WebSphere Portal after installation can bring along their own was.policy files defining the allowed interactions of the portlet code with the system resources; see Portlet concepts for additional information.

The appserver searches for was.policy files in the enterprise application archive rather than the Web application archive comprising a portlet. Therefore, the portal server copies was.policy from the appname.war/META-INF directory to the generated appname.ear/META-INF directory during deployment of a portlet WAR file.

Parent topic:
Security and authentication

Parent topic:
Additional security features

Related concepts

Portlet concepts Java 2 Security

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/Java_2_security290.html Java 2 Security

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/Java_2_security290.html Java 2 Platform Security

http://java.sun.com/j2se/1.3/docs/guide/security/index.html

Policy file	Protection scope
AppServer_root/java/jre/lib/security/java.policy	Root policy file containing permissions for all the processes launched by WAS.
profile_root/properties/server.policy	Grants default permissions to all product servers.
profile_root/properties/client.policy	Grants default permissions for all of the product client containers and applets on a node.
profile_root/config/cells/cell/nodes/node/spi.policy	Template is for the Service Provider Interface (SPI) or the third party resources embedded in the product. The default permission is... java.security.AllPermissions
profile_root/config/cells/cell/nodes/node/library.policy	Grants default permissions (empty) to code contained in the shared library (Java library classes) to use in multiple product applications.
profile_root/config/cells/cell/nodes/node/app.policy	Grants default permissions to all enterprise applications running on this node in this cell.
profile_root/config/cells/cell/applications/earfile/deployments/appname/META-INF/was.policy	Assign permissions to a specific enterprise application, imbedded within... EAR:/META-INF/was.policy
rar_filename/META-INF/was.policy.rar	Permission specification defined in ra.xml, which is embedded in the RAR file.