13.4.3 Settings for using the exploded archive-format J2EE applications (changing the security settings)
This subsection describes the settings required for using the exploded archive-format J2EE applications.
To use the exploded archive-format J2EE applications, we recommend that you change the security settings using one of the following methods:
- Releasing SecurityManager
- Changing the security policy settings
A description of the methods is as follows.
- Organization of this subsection
- (1) To release SecurityManager
- (2) To change the security policy settings
(1) To release SecurityManager
When you start the J2EE server, specify the -nosecurity option in the cjstartsv command to release SecurityManager.
# cjstartsv server-name -nosecurity |
- Note
- By releasing SecurityManager, you can reduce the overhead of checking the permissions when the resources are accessed, but the security is lowered because the J2EE application can now access any resource.
(2) To change the security policy settings
Edit server.policy as follows in order to grant permissions to access resources in the JAR files and class files under the application directory:
grant codeBase "file:/D:/MyApplicationDir/Web.war/-"{
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "queuePrintJob";
permission java.net.SocketPermission "*", "connect";
permission java.io.FilePermission "<<ALL FILES>>", "read, write";
permission java.util.PropertyPermission "*", "read";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.security.auth.AuthPermission "createLoginContext.*";
}; |
Specify server.policy after you set up the system using the Smart Composer functionality commands.