Technical data

14 Managing Security
14-66 Administration Guide
3. If you have extra directories in your CLASSPATH or if you are deploying
applications in extra directories, add specific permissions for those
directories to your weblogic.policy file.
4. BEA recommends taking the following precautions:
• Make a backup copy of the weblogic.policy file and put the backup copy
in a secure location.
• Set the permissions on the weblogic.policy file so that only the
administrator of the WebLogic Server deployment has read and write
privileges, and no other users have any access.
5. To use the Java Security Manager and the weblogic.policy file with your
WebLogic Server deployment, use the following properties when starting
WebLogic Server:
    $ java... -Djava.security.manager \
        -Djava.security.policy==D:/BEA/wlserver6.1/lib/weblogic.policy
Caution: The Java security manager is partially disabled during the booting of
Administration and Managed Servers. During the boot sequence, the
current Java security manager is disabled and replaced with a variation of
the Java security manager that has the checkRead() method disabled.
While disabling this method greatly improves the performance of the boot
sequence, it also minimally diminishes security. The startup classes for
WebLogic Server are run with this partially disabled Java security manager
and therefore the classes need to be carefully scrutinized for security
considerations involving the reading of files.
For more information about the Java Security Manager, see the Javadoc shipped with
Java 2.
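
A check for steps 4 and 5 above, written as an added example that is not part of the BEA guide: it inspects a server start command for the two properties and verifies that the policy file is accessible to its owner only. The function names, finding labels and sample path are assumptions; the double equals sign matters because, with a single one, the JVM adds the named file to the policy files listed in its java.security properties instead of using it alone.

```shell
#!/bin/sh
# Added example: audit a WebLogic start command and its policy file.
# Function names, finding labels and sample paths are assumptions.

# check_start_cmd CMDLINE: print one finding per line, nothing if sound.
check_start_cmd() {
    cmd=" $1 "
    case "$cmd" in
        *" -Djava.security.manager "*|*" -Djava.security.manager="*) ;;
        *) echo "NO_SECURITY_MANAGER" ;;
    esac
    case "$cmd" in
        *" -Djava.security.policy=="*) ;;   # '==': only this policy file is used
        *" -Djava.security.policy="*)       # '=': added to the default policy files
            echo "POLICY_SINGLE_EQUALS" ;;
        *) echo "NO_POLICY_FILE" ;;
    esac
}

# check_policy_perms FILE: flag a policy file that group or other can access.
check_policy_perms() {
    [ -f "$1" ] || { echo "POLICY_FILE_MISSING"; return 0; }
    # First ten characters of the long listing are the type and mode bits.
    mode=$(ls -ldL "$1" | cut -c1-10)
    case "$mode" in
        ????------) ;;                      # no group or other access bits set
        *) echo "POLICY_FILE_NOT_OWNER_ONLY ($mode)" ;;
    esac
}

# Constructed sample (illustrative path; the single '=' is deliberate).
sample='java -Djava.security.manager -Djava.security.policy=/opt/bea/lib/weblogic.policy weblogic.Server'
check_start_cmd "$sample"
```

The permission check reads POSIX mode bits, so it applies to UNIX installations; on Windows the equivalent review is of the file's ACL.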