IBM Support

IBM WebSphere Java unrestricted policy files

Product Documentation


Abstract

WebSphere Application Server java unrestricted policy files

Content

A change to make the unrestricted java policy files the default has taken place as of the following releases. See the 'Related information' section to read about the changes in java.

WebSphere 9.0
  • Java 8 SR5 FP10

WebSphere 8.5
  • Java 8 SR5 FP10
  • Java 7.1 SR4 FP20
  • Java 7 SR10 FP20
  • Java 6.1 SR8 FP60

WebSphere 8.0
  • Java 6.1 SR8 FP60

WebSphere 7.0
  • Java 6 SR16 FP60

The changes in java move the restricted and unrestricted policy files to new locations, and add a parameter to the java.security file to set which policy files will be used.

For WebSphere 8.5, WebSphere 8.0, and WebSphere 7.0, the java.security file is non-serviceable. This means that the new property 'crypto.policy', will not be set in the WebSphere versions of the java.security file. In this case the following will occur:
  1. If US_export_policy.jar and local_policy.jar files (e.g. limited/unlimited) had been previously copied into  the legacy <java-home>/lib/security/ directory, then the rules embedded within those jar files will continue to be used. This preserves compatibility for users upgrading from an older installation.
  2. If the jar files are not present in the legacy <java-home>/lib/security/ directory, and the "crypto.policy=limited" java.security property has not been explicitly added by the user, then the JDK will use the unlimited settings (equivalent to crypto.policy=unlimited)
 

For WebSphere 9.0, the java.security file is serviceable, the new property should be visible and the new locations of the policy files will be seen when the specified java version is installed. The rules for setting which policy files are used follow the new standard.

In most cases, the change to use the unrestricted policy files should be transparent, no WebSphere configuration changes need to be made. The rules about which policy files are used should also make it so that legacy configurations will continue to work without change.

See the 'Related information' section for links to the description of the change in java, to verify which SDKs are shipped with and or tested with WebSphere fix packs, and to note which files in WebSphere java are non-serviceable.

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Java SDK","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0;8.5.5;8.5;8.0;7.0","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
19 February 2020

UID

swg27050936