Enabling Java 2 security for Focal Point on WebSphere Application Server (Optional)

Installing : Installing Focal Point : Setting up the application server : Setting up and starting WebSphere Application Server : Enabling Java 2 security for Focal Point on WebSphere Application Server (Optional)

You have an option of restricting the application access to local resources by enabling the Java 2 security option on WebSphere Application Server.

Procedure

1 Stop the server and clear the WebSphere Application Server cache.

2 Enable Java 2 Security for Focal Point:

▪ On the WebSphere Integrated Solutions Console, click Security > Global Security.

▪ Select Use Java 2 security to restrict application access to local resources.

3 Update the library.policy and was.policy files:

▪ On the computer where the deployment manager is configured, extract this file, which contains the was.policy and python script:

FP_HOME/artifacts/JavaSecurityPolicyFiles/fp_j2security.zip

▪ Make sure that the nodes are servers are stopped.

▪ Start the deployment manager.

▪ Open the command prompt/shell, and then go to:

<WAS_HOME>/profiles/<Manager Name>/bin

▪ Run this command:

wsadmin.sh –user username -password password -lang jython –f python script location cellname nodename library.policy file location was.policy file location

For example:

wsadmin.sh -user admin -password focalpoint -lang jython -f C:/WASpolicyFiles/updatepolicy.py hraphaelCell01 hraphaelNode01 C:/WASpolicyFiles/library.policy C:/WASpolicyFiles/was.policy

4 Restart the node and server.

Notes

▪ If you have more than one node, provide the node names as values that are separated by comma. For example, hraphaelNode01,hraphaelNode05.

▪ Single space is the delimiter for command line arguments.

▪ Windows only: If the folder name contains a space, make sure to replace the short name C:/Program Files with C:/PROGRA~1. Go to C:\ drive and run the command dir\x to get the short name.

▪ Make sure to use forward slashes as the file separator.

▪ While running the script, type y to continue to modify the local library.policy file.

grant{ permission java.security.AllPermission; };

Save the file. Type y in the console, and then press Enter to continue.

▪ The location of library.policy file is the location to which to extract the contents. For example, if you specify the location as C:\library.policy, and if the library.policy file does not exist, a library.policy is created in the C drive and copies the contents from the nodes library.policy file to the newly created policy file. If the library.policy already exists, the policy file is overwritten by the contents of the nodes library.policy file.

Troubleshooting

If this error occurs...

[SOAPExceptionL faultCode=SOAP-ENV:Client; msg=Read timed out; targetException=java.net.SocketTimeoutException: Read timed out.

...do this:

1 Stop the manager.

2 Open the soap.client.props file that is located in WAS_HOME\profiles\<ManagerName>\properties\soap.client.props.

3 Set the value of com.ibm.SOAP.requestTimeout to a higher value and save the file.

A value of 0 ensures that the SOAP request will not time out.

4 Start the manager and run the commands again.