Technical Note: Deploying Access Manager With Application Server 9.1

Adding Access Manager Permissions to the Application Server 9.1 server.policy File

If the Java Security Manager is enabled, add the following Access Manager 7.1 permissions to the Application Server 9.1 server.policy file:

// Additions for Access Manager
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
      permission java.net.SocketPermission "*", "connect,accept,resolve";
      permission java.util.PropertyPermission "*", "read, write";
      permission java.lang.RuntimePermission "modifyThreadGroup";
      permission java.lang.RuntimePermission "setFactory";
      permission java.lang.RuntimePermission "accessClassInPackage.*";
      permission java.util.logging.LoggingPermission "control";
      permission java.lang.RuntimePermission "shutdownHooks";
      permission javax.security.auth.AuthPermission "insertProvider.Mozilla-JSS";
      permission java.security.SecurityPermission "putProviderProperty.Mozilla-JSS";
      permission javax.security.auth.AuthPermission "getLoginConfiguration";
      permission javax.security.auth.AuthPermission "setLoginConfiguration";
      permission javax.security.auth.AuthPermission "modifyPrincipals";
      permission javax.security.auth.AuthPermission "createLoginContext.*";
      permission java.security.SecurityPermission "insertProvider.Mozilla-JSS";
      permission javax.security.auth.AuthPermission "putProviderProperty.Mozilla-JSS";
      permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
      permission java.util.PropertyPermission "java.util.logging.config.class", "write";
      permission java.security.SecurityPermission "removeProvider.SUN";
      permission java.security.SecurityPermission "insertProvider.SUN";
      permission java.security.SecurityPermission "removeProvider.Mozilla-JSS";
      permission javax.security.auth.AuthPermission "doAs";
      permission java.util.PropertyPermission "java.security.krb5.realm", "write";
      permission java.util.PropertyPermission "java.security.krb5.kdc", "write";
      permission java.util.PropertyPermission "java.security.auth.login.config", "write";
      permission java.util.PropertyPermission "user.language", "write";
      permission javax.security.auth.kerberos.ServicePermission "*", "accept";
      permission javax.net.ssl.SSLPermission "setHostnameVerifier";
      permission java.security.SecurityPermission "putProviderProperty.IAIK";
      permission java.security.SecurityPermission "removeProvider.IAIK";
      permission java.security.SecurityPermission "insertProvider.IAIK";
};
// End of additions for Access Manager

Note –

If you deploy Access Manager 7.1 using a name other than amserver, change that name in the grant statement.
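
The following check is an added example, not part of the original technical note or of Access Manager. It parses a server.policy file, confirms that a grant exists whose codeBase matches the deployed module name (the point of the note above), and lists the permissions granted with a "*" or "<<ALL FILES>>" target so they can be reviewed. The function name audit_grant, the shortened SAMPLE_POLICY text, and the alternative deployment name "sso" are constructed for illustration.

```python
import re

# Constructed sample: a shortened server.policy containing part of the grant above.
SAMPLE_POLICY = '''
// Additions for Access Manager
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/amserver/-" {
      permission java.net.SocketPermission "*", "connect,accept,resolve";
      permission java.util.PropertyPermission "*", "read, write";
      permission java.lang.RuntimePermission "shutdownHooks";
      permission java.io.FilePermission "<<ALL FILES>>", "execute,delete";
};
// End of additions for Access Manager
'''

GRANT_RE = re.compile(r'grant\s+codeBase\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.]+)\s+"([^"]*)"(?:\s*,\s*"([^"]*)")?\s*;')

def strip_comments(text):
    """Drop /* */ block comments and lines that start with //."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^\s*//.*$', '', text, flags=re.M)

def audit_grant(policy_text, module_name="amserver"):
    """Find the grant for j2ee-modules/<module_name>/- and summarise it."""
    suffix = "/applications/j2ee-modules/%s/-" % module_name
    for code_base, body in GRANT_RE.findall(strip_comments(policy_text)):
        if not code_base.endswith(suffix):
            continue
        perms = PERM_RE.findall(body)  # (class, target, actions) tuples
        broad = [p for p in perms if p[1] in ("*", "<<ALL FILES>>")]
        return {"code_base": code_base, "count": len(perms), "broad": broad}
    return None  # no grant for this deployment name

if __name__ == "__main__":
    for name in ("amserver", "sso"):
        result = audit_grant(SAMPLE_POLICY, name)
        if result is None:
            print("%s: no matching grant; check the codeBase name" % name)
        else:
            print("%s: %d permissions, %d with '*' or <<ALL FILES>> targets"
                  % (name, result["count"], len(result["broad"])))
```

To check a real instance, read its server.policy file into a string and pass the name under which Access Manager was deployed as module_name.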