ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/sec/seccj2sp.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">

<title>Configure the spi.policy file</title>
</head>

<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>

<h5><a name="seccj2sp"></a>Configure the spi.policy file</h5>

<p>This file contains permissions for a service provider interface (SPI) or third-party resources that are embedded in WebSphere Application Server - Express. Examples of SPIs are JDBC drivers. By default, the content of this file grants permission to everything. You may need to update this file when more permissions are required for SPI resources. However, use care when updating the file because its permissions are applied to all of the SPIs that are defined in resources.xml.</p>

<p><strong>Note:</strong> Do not place the <tt>codebase</tt> keyword or any other keyword after the <tt>filterMask</tt> and <tt>runtimeFilterMask</tt> keywords. The <tt>Signed By</tt> and the Java Authentication and Authorization Service (JAAS) <tt>principal</tt> keywords are not supported in the spi.policy file. However, the <tt>Signed By</tt> keyword is supported in the following policy files: java.policy and server.policy. The JAAS <tt>principal</tt> keyword is supported in a JAAS policy file when it is specified by the Java Virtual Machine (JVM) system property, <tt>java.security.auth.policy</tt>. You can statically set the authorization policy files in <tt>java.security.auth.policy</tt> with <tt>auth.policy.url.<em>n</em>=<em>URL</em></tt> where <em>n</em> is an integer and <em>URL</em> is the location of the authorization policy.</p>

<p>The union of the permissions that are contained in the java.policy file and spi.policy file are applied to the SPI libraries.</p>

<p>The WebSphere Application Server - Express spi.policy file is located in the /QIBM/UserData/WebASE51/ASE/<em>instance</em>/config/cells/<em>cell</em>/nodes/<em>node</em> directory, where <em>instance</em> is the name of your instance, <em>cell</em> is the name of your cell, and <em>node</em> is the name of your node.</p>

<p>The default spi.policy file contains the following default permission:</p>

<pre>  grant {
    permission java.security.AllPermission;
  };</pre>

<p>For the updated spi.policy file to take effect, you must restart all related Java processes.</p>

</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">`
			`<html>`
			`<head>`
			`<META http-equiv="Content-Type" content="text/html; charset=utf-8">`
			`<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">`

			`<title>Configure the spi.policy file</title>`
			`</head>`

			`<BODY>`
			`<!-- Java sync-link -->`
			`<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>`

			`<h5><a name="seccj2sp"></a>Configure the spi.policy file</h5>`

			`<p>This file contains permissions for a service provider interface (SPI) or third-party resources that are embedded in WebSphere Application Server - Express. Examples of SPIs are JDBC drivers. By default, the content of this file grants permission to everything. You may need to update this file when more permissions are required for SPI resources. However, use care when updating the file because its permissions are applied to all of the SPIs that are defined in resources.xml.</p>`

			<p><strong>Note:</strong> Do not place the <tt>codebase</tt> keyword or any other keyword after the <tt>filterMask</tt> and <tt>runtimeFilterMask</tt> keywords. The <tt>Signed By</tt> and the Java Authentication and Authorization Service (JAAS) <tt>principal</tt> keywords are not supported in the spi.policy file. However, the <tt>Signed By</tt> keyword is supported in the following policy files: java.policy and server.policy. The JAAS <tt>principal</tt> keyword is supported in a JAAS policy file when it is specified by the Java Virtual Machine (JVM) system property, <tt>java.security.auth.policy</tt>. You can statically set the authorization policy files in <tt>java.security.auth.policy</tt> with <tt>auth.policy.url.<em>n</em>=<em>URL</em></tt> where <em>n</em> is an integer and <em>URL</em> is the location of the authorization policy.</p>

			`<p>The union of the permissions that are contained in the java.policy file and spi.policy file are applied to the SPI libraries.</p>`

			`<p>The WebSphere Application Server - Express spi.policy file is located in the /QIBM/UserData/WebASE51/ASE/<em>instance</em>/config/cells/<em>cell</em>/nodes/<em>node</em> directory, where <em>instance</em> is the name of your instance, <em>cell</em> is the name of your cell, and <em>node</em> is the name of your node.</p>`

			`<p>The default spi.policy file contains the following default permission:</p>`

			`<pre> grant {`
			`permission java.security.AllPermission;`
			`};</pre>`

			`<p>For the updated spi.policy file to take effect, you must restart all related Java processes.</p>`

			`</body>`
			`</html>`