permaculture playing cards*
The moose likes Security and the fly likes was.policy file location in WSAD/WebSphere Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "was.policy file location in WSAD/WebSphere" Watch "was.policy file location in WSAD/WebSphere" New topic
Author

was.policy file location in WSAD/WebSphere

Fidel Ruiz
Greenhorn

Joined: Oct 02, 2003
Posts: 4
I have a security problem with the WebSphere test invironment of WSAD. We are trying to get our permissions from an external source through JAAS. We have extended javax.security.auth.Policy, where we connect to our Authentication and Authorization Service to retrieve the permissions for a Subject. This works quite well.
However the Websphere testserver in WSAD is set default to get java.security.AllPermissions. This is done in the file server.policy. So it doesn't matter if the subject has any permissions at all, the default setting in server.policy gives it AllPermissions.
We removed the grant for AllPermission from the server.policy and created a was.policy with the necessary permissions and put it in cells/<cellname>/applications/<earfilename>/deployments/<applicationname>/META-INF/ (like is was explained in the help). But it doesn't matter where I put the was.policy file, it seems that the server can't find it or doesn't read it.
Is anybody familiar with the was.policy files in the WSAD testenvironment and where to put them?
Krishna Nagadev
Ranch Hand

Joined: Jan 04, 2005
Posts: 32
It should be under .ear/META-INF/was.policy
 
 
subject: was.policy file location in WSAD/WebSphere
 
Similar Threads
was.policy location in WSAD/Websphere testenvironment
Can I override the Websphere Policy (WSDynamicPolicy)?
Restricting permissions for a signed Java Web Start application
BEA-000254 error
was.policy and WAR files