
Java 2 Security is a control that allows or denies access to resources based on rules. It is disabled by default, so you must enable it before its policies are enforced. Once Java 2 Security is enabled, access to resources may be denied, so enable it in your development environment first, before doing so in production.
- In the WebSphere admin console, expand Security and select Global Security.
- Select Use Java 2 security to restrict application access to local resources.
- Select OK.
- Select Save.
- Restart the cell (nodes, JVMs, dmgr).
Several files can be used to configure an application's Java 2 security.
File Name | Description |
---|---|
app.policy | Policy for every application in the cell |
client.policy | Policy for client containers and applets |
filter.policy | Policy to filter permissions that are set in app.policy or was.policy |
java.policy | Policy for specific Java classes in an application |
library.policy | Policy for shared libraries |
server.policy | Policy for WebSphere application server processes |
spi.policy | Policy for Service Provider Interface (spi) |
was.policy | Policy for a single application in the cell |
Example
Let's say an application needs permission to read the example.jar file. Without the proper Java 2 security permission, a security exception may be logged in SystemOut.log.

```
java.security.AccessControlException: access denied (java.io.FilePermission ${was.install.root}/path/to/example.jar read)
```
This issue can be resolved by adding the following to one of the Java 2 security policy files.
```
// ${/} expands to the platform file separator
grant codeBase "file:user_client_installed_location" {
  permission java.io.FilePermission
    "${was.install.root}${/}path${/}to${/}example.jar", "read";
};
```
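When several denials accumulate in SystemOut.log, the same log-to-policy step can be scripted. The following is an added example, not part of the original article or of WebSphere: the function names, the sample log lines and the install root `/opt/IBM/WebSphere/AppServer` are assumptions made for illustration. It handles both the unquoted and quoted forms of the exception message, collapses duplicates, and skips `java.security.AllPermission` so that it is never granted automatically.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of SystemOut.log (not from a real server).
SAMPLE_LOG = """\
[1/1/24 10:00:00:000 UTC] 00000042 SystemErr R java.security.AccessControlException: access denied (java.io.FilePermission /opt/IBM/WebSphere/AppServer/path/to/example.jar read)
[1/1/24 10:00:01:000 UTC] 00000042 SystemErr R java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/IBM/WebSphere/AppServer/path/to/example.jar" "read")
[1/1/24 10:00:02:000 UTC] 00000043 SystemErr R java.security.AccessControlException: access denied (java.util.PropertyPermission user.dir read)
[1/1/24 10:00:03:000 UTC] 00000044 SystemErr R java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
[1/1/24 10:00:04:000 UTC] 00000045 WebContainer I application started
"""
# Permission classes whose denial message ends with an actions field.
WITH_ACTIONS = {"java.io.FilePermission", "java.util.PropertyPermission", "java.net.SocketPermission"}
DENIED = re.compile(r"AccessControlException: access denied \((.*)\)")

def parse_denial(line):
    """Return (permission class, target, actions) for one log line, or None."""
    m = DENIED.search(line)
    if not m or not m.group(1).strip():
        return None
    quoted = re.findall(r'"([^"]*)"', m.group(1))   # newer JDKs quote each field
    parts = quoted or m.group(1).split()            # older JDKs separate by spaces
    cls, rest = parts[0], parts[1:]
    actions = rest.pop() if cls in WITH_ACTIONS and len(rest) > 1 else ""
    return cls, " ".join(rest), actions

def to_policy(log_text, install_root, code_base):
    """Build one grant block covering every distinct denial found in log_text."""
    grants = defaultdict(set)                       # (class, target) -> set of actions
    for hit in filter(None, map(parse_denial, log_text.splitlines())):
        cls, target, actions = hit
        if cls == "java.security.AllPermission":
            continue                                # too broad to grant without review
        if target.startswith(install_root):         # keep the policy portable across hosts
            target = "${was.install.root}" + target[len(install_root):].replace("/", "${/}")
        grants[(cls, target)].update(a for a in actions.split(",") if a)
    out = [f'grant codeBase "{code_base}" {{']
    for (cls, target), acts in sorted(grants.items()):
        acts_s = ",".join(sorted(acts))
        suffix = f', "{acts_s}"' if acts else ""
        out.append(f'  permission {cls} "{target}"{suffix};')
    out.append("};")
    return "\n".join(out)
```

A denial in the log only shows what the code attempted, so treat the generated block as a draft and keep only the permissions the application legitimately needs.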
app.policy
The default app.policy file is located at was_install_root/config/cells/your_cell/nodes/your_node/app.policy. If you change the app.policy file, you need to restart the JVMs in the node for the change to take effect.
was.policy
The was.policy file is included in an EAR, so changes made to was.policy apply only to the applications in that EAR. Place the was.policy file in the was_install_root/installedApps/cell_name/your_ear/META-INF/ directory. If you change the was.policy file, you need to restart the application for the change to take effect.