Create a classes subdirectory in your instance for custom classes

The directory structure of WebSphere Application Server - Express for iSeries differs from WebSphere Application Server - Express on other platforms. On the iSeries system, WebSphere Application Server - Express resides in two main directories:

• /QIBM/ProdData/WebASE51/ASE
  Contains product JAR files, scripts, and the master copies of the administrative application, samples, and properties files. These directories are referred to as ${WAS_INSTALL_ROOT}. It is recommended that you never modify files in these directories.

• /QIBM/UserData/WebASE51/ASE
  Contains user instance data, which are a combination of unique files and symmetric links to files in the ProdData directories. When you create an application server instance, a subdirectory with your instance name is created, and the files that define your instance are placed in it. The subdirectory that contains an instance, such as /QIBM/UserData/WebASE51/ASE/instance (where instance is the name of your instance) is referred to as ${USER_INSTALL_ROOT}.

The reason for this separation of product files is two-fold:

• To separate files that run the product from files that can be modified (either by editing or through the administrative interfaces) by the user. The separation better ensures that product fixes do not overwrite user-defined data, such as modifications to properties files.
• To isolate configuration differences between instances. For example, each instance subdirectory can have its own copy of the Java 2 Security files, which allows the instance to have a unique Java 2 Security configuration, rather than all instances conforming to only one product-wide configuration.

WebSphere Application Server - Express provides application programming interfaces (APIs) that you can use to develop your own WebSphere security components. For example, you can create custom user registries. For other WebSphere Application Server - Express platforms, it is recommended that you place the files for your custom security component in the ${WAS_INSTALL_ROOT}/classes directory, which specified in the application server classpath. This is not recommended for the iSeries platform. On iSeries, ${WAS_INSTALL_ROOT}/classes equates to the /QIBM/ProdData/WebASE51/ASE/classes directory. Placing custom files in this directory means that the files are accessible from all server instances, which may not be a desirable or secure behavior.

Therefore, it is recommended that you create a classes subdirectory in your instance in which you can place your custom security components. Additionally, the QEJBSVR user profile must have authority to the directory.

To create the classes subdirectory and grant the necessary authorities, run the following command from the iSeries command line:

 CRTDIR DIR('/QIBM/UserData/WebASE51/ASE/instance/classes')

where instance is the name of your instance. For example, if you want to create a classes subdirectory for an instance named myInst, run the following command:

 CRTDIR DIR('/QIBM/UserData/WebASE51/ASE/myInst/classes')

Alternatively, you can map or mount a workstation network drive to the iSeries server and create the classes subdirectory from the workstation command prompt or a graphical file explorer utility (such as Windows Explorer).

If you are using Java 2 Security, updated your ${USER_INSTALL_ROOT}/properties/server.policy file to grant the appropriate Java 2 Security permissions to the classes in the directory. For more information about the permissions, see Configure the server.policy file.

Note: If you create the directory from the Qshell command line, the proper authorities are not inherited from the parent directory. You must then explicity grant the QEJBSVR user profile read, write, and execute (*RWX) authority to the directory. For example, run the following command:

 CHGAUT OBJ('directory') USER(QEJBSVR) DTAAUT(*RWX)

where directory is the fully qualified path of the classes subdirectory in your instance.