The server.policy File

Each Application Server domain has its own standard J2SE policy file, located in domain-dir/config. The file is named server.policy.

The Application Server is a J2EE 1.4 compliant application server. As such, it follows the requirements of the J2EE specification, including the presence of the security manager (the Java component that enforces the policy) and a limited permission set for J2EE application code.

This section covers the following topics:

• Default Permissions

• Changing Permissions for an Application

Default Permissions

Internal server code is granted all permissions. These are covered by the AllPermission grant blocks to various parts of the server infrastructure code. Do not modify these entries.

Application permissions are granted in the default grant block. These permissions apply to all code not part of the internal server code listed previously. The Application Server does not distinguish between EJB and web module permissions. All code is granted the minimal set of web component permissions (which is a superset of the EJB minimal set).

A few permissions above the minimal set are also granted in the default server.policy file. These are necessary due to various internal dependencies of the server implementation. J2EE application developers must not rely on these additional permissions.

One additional permission is granted specifically for using connectors. If connectors are not used in a particular domain, you should remove this permission, because it is not otherwise necessary.

Changing Permissions for an Application

The default policy for each domain limits the permissions of J2EE deployed applications to the minimal set of permissions required for these applications to operate correctly. Do not add extra permissions to the default set (the grant block with no codebase, which applies to all code). Instead, add a new grant block with a codebase specific to the applications requiring the extra permissions, and only add the minimally necessary permissions in that block.

If you develop multiple applications that require more than this default set of permissions, you can add the custom permissions that your applications need. The com.sun.aas.instanceRoot variable refers to the domain-dir. For example:

grant "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/-" { ... }

You can add permissions to stub code with the following grant block:

grant "file:${com.sun.aas.instanceRoot}/generated/-" { ... }

In general, you should add extra permissions only to the applications or modules that require them, not to all applications deployed to a domain. For example:

grant "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/MyApp/-" { ... }

For a module:

grant "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/MyModule/-" { ... }

Do not add extra permissions to the default set (the grant block with no codebase, which applies to all code). Instead, add a new grant block with a codebase specific to the application requiring the extra permissions, and only add the minimally necessary permissions in that block.

Do not add java.security.AllPermission to the server.policy file for application code. Doing so completely defeats the purpose of the security manager, yet you still get the performance overhead associated with it.

As noted in the J2EE specification, an application should provide documentation of the additional permissions it needs. If an application requires extra permissions but does not document the set it needs, contact the application author for details.

As a last resort, you can iteratively determine the permission set an application needs by observing AccessControlException occurrences in the server log. If this is not sufficient, you can add the -Djava.security.debug=fail JVM option to the domain. For details, see the Sun Java System Application Server Platform Edition 8.2 Administration Guide or the Sun Java System Application Server Platform Edition 8.2 Administration Reference.

You can use the J2SE standard policytool or any text editor to edit the server.policy file. For more information, see:

http://java.sun.com/docs/books/tutorial/security1.2/tour2/index.html

For detailed information about the permissions you can set in the server.policy file, see:

http://java.sun.com/j2se/1.4/docs/guide/security/permissions.html

The Javadoc for the Permission class is at:

http://java.sun.com/j2se/1.4/docs/api/java/security/Permission.html