Java 2 Security in WebSphere (app.policy was.policy)

Home > Search

Several files are used to configure an application's Java 2 security, such as app.policy and was.policy. For example, let's say an application needs permission to read the example.jar file. Without proper Java 2 security, there may be a security exception in the SystemOut.log. access denied ( 
${was.install.root}/path/to/example.jar read)


This issue can be resolved by adding the following to one of the Java 2 security policy files, such as app.policy or was.policy.

grant codeBase "file:user_client_installed_location" { 
"${was.install.root}$(/)path$(/)to$(/)example.jar", "read";


app.policy (dynamic)

Changes made to app.policy apply to every application in a nodel, so you would only make a changes to this file if you need to set a permission for every application in a node. When WebSphere is installed, the default app.policy file is located at was_home/config/cells/your_cell/nodes/your_node/app.policy. You would need to restart the JVMs in the node for the changes to take effect.


was.policy (dynamic)

The was.policy file is included in an EAR, and changes made to was.policy only applies to the applications in the EAR. You would place the was.policy file in the was_home/installedApps/cell_name/your_ear/META-INF/ directory.


java.policy (static)

The java.policy file applies to all of the Java classes in each Java application. For example, the java.policy file would apply to the class named Dog.

Public class Dog {
  Public static void main(String []args){
    Puppy myPuppy = new Puppy( "Old Yeller" );


server.policy (static)

The server policy file configures permission for WebSphere server processes.


client.policy (static)

The client policy file configures permissions for client containers and applets.

Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.