Status Functionality already exists
Created by Guest
Created on Sep 14, 2021

Support Java 2 Security to restrict application access to local resources

This is a CAT-I finding for DoD STIG. Below is their reasoning:

Rule Title: The WebSphere Application Server Java 2 security must be enabled.

Discussion: Java 2 security provides a policy-based fine-grained access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 Security is independent of J2EE role-based authorization. Java 2 Security guards access to system resources such as file input and output, sockets, and properties, whereas J2EE security guards access to Web resources such as servlets and JSP files. Administrators should understand the possible consequences of enabling Java 2 Security if applications are not prepared for Java 2 Security. Java 2 Security places some new requirements on application developers and administrators. Admins need to make sure that all the applications are granted the required permissions; otherwise, applications may fail to run. By default, applications are granted the permissions recommended in the J2EE 1.3 Specification. For details of default permissions granted to applications in WebSphere, please refer to the following policy files:

/QIBM/ProdData/Java400/jdk14/lib/security/java.policy
/QIBM/UserData/WebASE51/ASE/instance/properties/server.policy
/QIBM/UserData/WebASE51/ASE/instance/config/cells/cell/nodes/node/app.policy
where instance is the name of your instance, cell is the name of your cell, and node is the name of your node.

Idea priority Medium
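An added example, not part of the original idea or of IBM's code: a small Python auditor that parses Java policy-file `grant` blocks such as those in the policy files listed above and flags grants broad enough to defeat the fine-grained checks the STIG discussion describes. The sample policy text, the function names and the two rules are constructed for illustration.

```python
import re

# Constructed sample in Java policy-file syntax; not a shipped WebSphere default.
SAMPLE_POLICY = '''
// constructed app.policy-style input
grant codeBase "file:${application}" {
  permission java.util.PropertyPermission "*", "read";
  permission java.io.FilePermission "${user.home}/data/-", "read";
};
grant codeBase "file:${webComponent}" {
  permission java.security.AllPermission;
};
grant {
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
'''

# Quoted strings are skipped as units so "${...}" braces do not end a block.
GRANT_RE = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{((?:"[^"]*"|[^}"])*)\}\s*;')
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"')
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)\s*(?:"([^"]*)")?\s*(?:,\s*"([^"]*)")?\s*;')

def parse_grants(text):
    """Return [(codebase or None, [(class, target, actions), ...]), ...]."""
    # Drop whole-line // comments only, so "file://" URLs in strings survive.
    text = re.sub(r'(?m)^\s*//.*$', '', text)
    grants = []
    for header, body in GRANT_RE.findall(text):
        cb = CODEBASE_RE.search(header)
        grants.append((cb.group(1) if cb else None, PERM_RE.findall(body)))
    return grants

def audit(text):
    """Flag grants that defeat the fine-grained checks Java 2 Security adds."""
    findings = []
    for codebase, perms in parse_grants(text):
        scope = codebase or '<all code>'  # a grant without codeBase covers all code
        for cls, target, actions in perms:
            if cls == 'java.security.AllPermission':
                findings.append((scope, cls, 'unrestricted: every check passes'))
            elif cls == 'java.io.FilePermission' and target == '<<ALL FILES>>':
                findings.append((scope, cls, 'whole filesystem: ' + actions))
    return findings

if __name__ == '__main__':
    for scope, cls, reason in audit(SAMPLE_POLICY):
        print(f'{scope}: {cls} -> {reason}')
```
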
  • Guest
    Nov 22, 2021

    Has this been tested with a netcool webgui installed? When I installed websphere 9.0 /JAZZ/Webgui, if I checked Java 2 Security, the webgui no longer worked. The page came up blank.

  • Admin
    Gary Picher
    Sep 23, 2021

    Hi! WebSphere Application Server has supported the ability to enable and configure Java 2 Security for quite a long time. You can find our documentation here:

    https://www.ibm.com/docs/en/was/9.0.5?topic=security-java-2

    It's not enabled by default, but users who wish to use it can enable it and customize their permissions.

    Is this the support that you are looking for?