Java 2 Security in WAS:
Links:
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rsec_rpolicydir.html
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_rsecmgr2.html
Debug Security exceptions in WAS:
The WebSphere Application Server SYSOUT file and the com.ibm.websphere.java2secman.norethrow property are the two primary aids for debugging.
The WebSphere System Log or Trace Files
The AccessControl exception that is logged in the system log or trace files contains the permission violation that causes the exception, the exception call stack, and the permissions granted to each stack frame. This information is usually enough to determine the missing permission and the code requiring the permission.
The com.ibm.websphere.java2secman.norethrow property
When Java 2 security is enabled in WebSphere Application Server, the security manager component creates a java.security.AccessControl exception when a permission violation occurs. This exception, if not handled, often causes a run-time failure. This exception is also logged in the SYSOUT file.
However, when the Java virtual machine com.ibm.websphere.java2secman.norethrow property is set and has a value of true, the security manager does not create the AccessControl exception. This information is logged.
To set the com.ibm.websphere.java2secman.norethrow property for the server, go to the WebSphere Application Server administrative console and click Servers > Application Servers > server_name. Under Additional Properties, click Process Definition > Java Virtual Machine > Custom Properties > New. In the Name field, type com.ibm.websphere.java2secman.norethrow. In the Value field, type true.
.java.policy in wasadmin's home directory
If a .java.policy file exists in the home directory of the WAS user, the server picks it up.
was.policy
A was.policy file defines an EAR's Java 2 security permissions (for the app) for WebSphere Application Server (WAS).
permission java.io.FilePermission "${was.install.root}/*", "read";
This grants code permission to read the install directory of the app server. The * restricts the permission to this directory only. Specifying a - instead covers this directory and its children as well.
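The difference between the * and - forms can be checked directly with FilePermission.implies(), which is the comparison the security manager performs against a granted permission. This is an added example, not code from the original page or from IBM; the class name, the /opt/was path (a constructed stand-in for the expanded ${was.install.root}) and the file names are assumptions.

```java
import java.io.File;
import java.io.FilePermission;

public class WasPolicyWildcards {
    // Constructed stand-in for the expanded ${was.install.root}; not a path from the page.
    static final String ROOT = File.separator + "opt" + File.separator + "was";

    // Builds a path below ROOT using the platform separator, which FilePermission expects.
    static String path(String... parts) {
        return ROOT + File.separator + String.join(File.separator, parts);
    }

    // True when a grant of (grantedPath, grantedActions) covers the requested access.
    static boolean covers(String grantedPath, String grantedActions,
                          String requestedPath, String requestedActions) {
        FilePermission granted = new FilePermission(grantedPath, grantedActions);
        FilePermission requested = new FilePermission(requestedPath, requestedActions);
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        String star = path("*"); // entries directly inside ROOT
        String dash = path("-"); // everything below ROOT, recursively

        // Constructed sample requests: path, action.
        String[][] requests = {
            { path("version.txt"), "read" },    // file directly in ROOT
            { path("lib", "app.jar"), "read" }, // file in a subdirectory
            { ROOT, "read" },                   // the directory entry itself
            { path("version.txt"), "write" },   // action outside the "read" grant
        };

        System.out.printf("%-24s %-6s %-8s %-8s%n", "requested", "action", "ROOT/*", "ROOT/-");
        for (String[] r : requests) {
            System.out.printf("%-24s %-6s %-8s %-8s%n", r[0], r[1],
                    covers(star, "read", r[0], r[1]),
                    covers(dash, "read", r[0], r[1]));
        }
    }
}
```

Running it shows which of the two grants would satisfy each request, which helps when deciding whether a permission reported in an AccessControl exception needs the narrower * form or the recursive - form in was.policy.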