Java 2 security is a pervasive programming model that has a significant impact on application development.
Java 2 security is orthogonal to Java Platform, Enterprise Edition (Java EE) role-based security; you can disable or enable it independently of administrative security.
However, it does provide an extra level of access control protection on top of the Java EE role-based authorization. In particular, it addresses the protection of system resources and application programming interfaces (APIs). Administrators need to weigh the benefits against the risks of disabling Java 2 security.
Refer to Java 2 security
The default permission set for applications is the recommended permission set that is defined in the J2EE 1.3 Specification. The default is declared in the app_server_root/profiles/profile_name/config/cells/cell_name/nodes/node_name/app.policy policy file, along with the permissions defined in the Development Kit policy file (JAVA_HOME/jre/lib/security/java.policy) that grant permissions to everyone. However, applications are denied permissions that are declared in the profiles/profile_name/config/cells/cell_name/filter.policy file. Permissions that are declared in the filter.policy file are filtered for applications during the permission check.
Define the required permissions for an application in a was.policy file and embed the was.policy file in the application enterprise archive (EAR) file as YOURAPP.ear/META-INF/was.policy. See Configuring Java 2 security policy files for details.
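The following Python check is an added example, not part of the original documentation or of WebSphere. It reads META-INF/was.policy from an EAR file and flags grants of java.security.AllPermission as well as grants that match a filter.policy entry, which the permission check would deny. The sample policy, the filter entry, and the function names are constructed for illustration.

```python
import io
import re
import zipfile

POLICY_PATH = "META-INF/was.policy"  # location inside the EAR, per the text above
GRANT_RE = re.compile(r'grant(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')
COMMENT_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)  # strings match first, so "/tmp/*" survives

def parse_policy(text):
    """Return (codeBase, class, target, actions) for each granted permission."""
    text = COMMENT_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return [(codebase or "*", cls, target, actions)
            for codebase, body in GRANT_RE.findall(text)
            for cls, target, actions in PERM_RE.findall(body)]

def audit_ear(ear_bytes, filtered):
    """Flag grants that are over-broad or that filter.policy would deny anyway."""
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        if POLICY_PATH not in ear.namelist():
            return [("no-policy", "*", "app.policy defaults apply")]
        text = ear.read(POLICY_PATH).decode("utf-8")
    findings = []
    for codebase, cls, target, _actions in parse_policy(text):
        if cls == "java.security.AllPermission":
            findings.append(("too-broad", codebase, cls))
        elif (cls, target) in filtered:
            findings.append(("filtered", codebase, f'{cls} "{target}"'))
    return findings

# Constructed sample policy and filter entry (not the product's shipped files).
SAMPLE_POLICY = '''// permissions requested by the application
grant codeBase "file:${application}" {
  permission java.io.FilePermission "/var/app/data/-", "read";
  permission java.lang.RuntimePermission "exitVM";
};
grant codeBase "file:${webComponent}" {
  permission java.security.AllPermission;
};
'''
SAMPLE_FILTERED = {("java.lang.RuntimePermission", "exitVM")}

def build_sample_ear(policy=SAMPLE_POLICY):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ear:
        ear.writestr(POLICY_PATH, policy)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_ear(build_sample_ear(), SAMPLE_FILTERED))
```

Run against a real EAR, pass the file's bytes and a set of (class, target) pairs taken from the cell's own filter.policy file.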
The following steps describe how to enforce Java 2 security on the cell level for WebSphere Application Server, Network Deployment and the server level for WebSphere Application Server and WebSphere Application Server, Express: