Java 2 Security in WAS:
Links:
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/rsec_rpolicydir.html
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/csec_rsecmgr2.html
Debug Security exceptions in WAS:
The WebSphere Application Server SYSOUT file and the com.ibm.websphere.java2secman.norethrow property are the two primary aids for debugging.
he WebSphere System Log or Trace Files
The AccessControl exception that is logged in the system log or trace files contains the permission violation that causes the exception, the exception call stack, and the permissions granted to each stack frame. This information is usually enough to determine the missing permission and the code requiring the permission.
The com.ibm.websphere.java2secman.norethrow property
When Java 2 security is enabled in WebSphere Application Server, the security manager component creates a java.security.AccessControl exception when a permission violation occurs. This exception, if not handled, often causes a run-time failure. This exception is also logged in the SYSOUT file.
However, when the Java virtual machine com.ibm.websphere.java2secman.norethrow property is set and has a value of true, the security manager does not create the AccessControl exception. This information is logged.
To set the com.ibm.websphere.java2secman.norethrow property for the server, go to the WebSphere Application Server administrative console and click Servers > Application Servers > server_name. Under Additional Properties, click Process Definition > Java Virtual Machine > Custom Properties > New. In the Name field, type com.ibm.websphere.java2secman.norethrow. In the Value field, type true.
WebSphere Application Server administrative console and click
Servers > Application Servers > server_name.
Under Additional Properties, click
Process Definition > Java Virtual Machine > Custom Properties > New.
In the Name field, type com.ibm.websphere.java2secman.norethrow.
In the Value field, type true.
.java.policy in wasadmin's home directory
Having a .java.policy file in the home directory of the WAS user will have the server pick this up!
was.policy
A was.policy defines an EAR's java 2 security permissions (for the app) for Webspehere Application Server (WAS).
permission java.io.FilePermission "${was.install.root}/*", "read"
This specifically grants code to
read the install directory of the app server. The
* specifies that only this directory is allowed. Speficying a
- instead means in this directory and children as well.
