IBM Support

IBM WebSphere Java unrestricted policy files

Product documentation


Abstract

WebSphere Application Server java unrestricted policy files

Content

A change to make the unrestricted java policy files the default has taken place as of the following releases. See the 'Related information' section to read about the changes in java.

WebSphere 9.0

  • Java 8 SR5 FP10

WebSphere 8.5
  • Java 8 SR5 FP10
  • Java 7.1 SR4 FP20
  • Java 7 SR10 FP20
  • Java 6.1 SR8 FP60

WebSphere 8.0
  • Java 6.1 SR8 FP60

WebSphere 7.0
  • Java 6 SR16 FP60

The changes in java move the restricted and unrestricted policy files to new locations, and add a parameter to the java.security file to set which policy files will be used.

For WebSphere 8.5, WebSphere 8.0, and WebSphere 7.0, the java.security file is non-serviceable. This means that the new property 'crypto.policy', will not be set in the WebSphere versions of the java.security file. In this case the following will occur:
  1. If the "crypto.policy" property is not set and the traditional US_export_policy.jar and local_policy.jar files (e.g. limited/unlimited) are found in the legacy <java-home>/lib/security directory, then the rules embedded within those jar files will be used. This helps preserve compatibility for users upgrading from an older installation.
  2. If the jar files are not present in the legacy location and the "crypto.policy" Security property is not defined, then the JDK will use the unlimited settings (equivalent to crypto.policy=unlimited)

For WebSphere 9.0, the java.security file is serviceable, the new property should be visible and the new locations of the policy files will be seen when the specified java version is installed. The rules for setting which policy files are used follow the new standard.

In most cases, the change to use the unrestricted policy files should be transparent, no WebSphere configuration changes need to be made. The rules about which policy files are used should also make it so that legacy configurations will continue to work without change.

See the 'Related information' section for links to the description of the change in java, to verify which SDKs are shipped with and or tested with WebSphere fix packs, and to note which files in WebSphere java are non-serviceable.

Related information

IBM Java 8.0 Policy Files
IBM Java 7.1 Policy Files
IBM Java 7.0 Policy Files
Verify Java SDK version shipped with IBM WebSphere
WebSphere Java Non-serviceable files

Document information

More support for: WebSphere Application Server
Java SDK

Software version: 7.0, 8.0, 8.5, 8.5.5, 9.0

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows, z/OS

Software edition: Base, Network Deployment

Reference #: 7050936

Modified date: 11 April 2018


Translate this page: