This file contains permissions for a service provider interface (SPI) or third-party resources that are embedded in WebSphere Application Server - Express. Examples of SPIs are JDBC drivers. By default, the content of this file grants permission to everything. You may need to update this file when more permissions are required for SPI resources. However, use care when updating the file because its permissions are applied to all of the SPIs that are defined in resources.xml.
Note: Do not place the codebase keyword or any other keyword after the filterMask and runtimeFilterMask keywords. The Signed By and the Java Authentication and Authorization Service (JAAS) principal keywords are not supported in the spi.policy file. However, the Signed By keyword is supported in the following policy files: java.policy and server.policy. The JAAS principal keyword is supported in a JAAS policy file when it is specified by the Java Virtual Machine (JVM) system property, java.security.auth.policy. You can statically set the authorization policy files in java.security.auth.policy with auth.policy.url.n=URL where n is an integer and URL is the location of the authorization policy.
The union of the permissions that are contained in the java.policy file and spi.policy file are applied to the SPI libraries.
The WebSphere Application Server - Express spi.policy file is located in the /QIBM/UserData/WebASE51/ASE/instance/config/cells/cell/nodes/node directory, where instance is the name of your instance, cell is the name of your cell, and node is the name of your node.
The default spi.policy file contains the following default permission:
grant {
permission java.security.AllPermission;
};
For the updated spi.policy file to take effect, you must restart all related Java processes.