Skip to Main Content
Cloud Platform

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive a notification on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

If you encounter any issues accessing the Ideas portals, please send email describing the issue to ideasibm@us.ibm.com for resolution.

For more information about IBM's Ideas program visit ibm.com/ideas.

Status Functionality already exists
Created by Guest
Created on Sep 14, 2021

Support Java 2 Security to restrict application acceess to local resoures

This a CAT-I finding for DoD STIG: Below is their reasoning:

Rule Title: The WebSphere Application Server Java 2 security must be enabled.

Discussion: Java 2 security provides a policy-based fine grained access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 Security is independent on J2EE role-based authorization. Java 2 Security guards access to system resources such as file input and output, sockets, and properties, whereas J2EE security guards access to Web resources such as servlets and JSP files. Administrators should understand the possible consequences of enabling Java 2 Security if applications are not prepared for Java 2 Security. Java 2 Security places some new requirements on application developers and administrators. Admins need to make sure that all the applications are granted the required permissions; otherwise, applications may fail to run. By default, applications are granted the permissions recommended in the J2EE 1.3 Specification. For details of default permissions granted to applications in WebSphere, please refer to the following policy files:

/QIBM/ProdData/Java400/jdk14/lib/security/java.policy
/QIBM/UserData/WebASE51/ASE/instance/properties/server.policy
/QIBM/UserData/WebASE51/ASE/instance/config/cells/cell/nodes/node/app.policy
where instance is the name of your instance, cell is the name of your cell, and node is the name of your node.

Idea priority Medium
  • Guest
    Nov 22, 2021

    Has the been tested with a netcool webgui installed? When I installed websphere 9.0 /JAZZ/Webgui if I checked Java 2 Security, the webgui no longer worked. He page came up blank.

  • Admin
    Gary Picher
    Sep 23, 2021

    Hi! WebSphere Application Server has supported the ability to enable and configure Java 2 Security for quite a long time. You can find our documentation here:

    https://www.ibm.com/docs/en/was/9.0.5?topic=security-java-2

    It's not enabled by default, but users who wish to use it can enable it and customize their permissions.

    Is this the support that you are looking for?