Development/Java & J2EE/Websphere/Java 2 Security 1 Java 2 Security in WAS: ---- Links:\\ http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rsec_rpolicydir.html\\ http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_rsecmgr2.html\\ 1 Debug Security exceptions in WAS: The WebSphere Application Server SYSOUT file and the com.ibm.websphere.java2secman.norethrow property are the two primary aids for debugging. he WebSphere System Log or Trace Files The AccessControl exception that is logged in the system log or trace files contains the permission violation that causes the exception, the exception call stack, and the permissions granted to each stack frame. This information is usually enough to determine the missing permission and the code requiring the permission. The com.ibm.websphere.java2secman.norethrow property When Java 2 security is enabled in WebSphere Application Server, the security manager component creates a java.security.AccessControl exception when a permission violation occurs. This exception, if not handled, often causes a run-time failure. This exception is also logged in the SYSOUT file. However, when the Java virtual machine com.ibm.websphere.java2secman.norethrow property is set and has a value of true, the security manager does not create the AccessControl exception. This information is logged. To set the com.ibm.websphere.java2secman.norethrow property for the server, go to the WebSphere Application Server administrative console and click Servers > Application Servers > server_name. Under Additional Properties, click Process Definition > Java Virtual Machine > Custom Properties > New. In the Name field, type com.ibm.websphere.java2secman.norethrow. In the Value field, type true. {code} WebSphere Application Server administrative console and click __Servers > Application Servers > server_name__. Under Additional Properties, click __Process Definition > Java Virtual Machine > Custom Properties > New__. In the __Name__ field, type __com.ibm.websphere.java2secman.norethrow__. In the __Value__ field, type __true__. {code} ---- 1 .java.policy in wasadmin's home directory Having a .java.policy file in the home directory of the WAS user will have the server pick this up! ---- 1 was.policy A was.policy defines an EAR's java 2 security permissions (for the app) for Webspehere Application Server (WAS). 1.1 permission java.io.FilePermission "${was.install.root}/*", "read" This specifically grants code to __read__ the install directory of the app server. The __ \* __ specifies that only this directory is allowed. Speficying a __ - __ instead means in this directory and children as well. 2006-10-19 16:37:01.0 2006-10-19 11:31:53.0