An express or typical
installation completed with the SAS Deployment Wizard creates a SAS
environment that does not use restrictive policy files to limit the
access given to SAS Web applications. By default, the
sas.all.permissions.policy
file
is used to allow access to the SAS Web applications. As a result,
SAS Web applications can access the necessary content.
Java 2 Security provides
a policy-based, fine-grain access control mechanism that increases
overall system integrity by checking for permissions before allowing
access to certain protected system resources. By default, Java 2 Security
is turned off. If your site requires Web applications to use Java
2 Security, the custom installation option in the SAS Deployment Wizard
enables you to configure your SAS environment with restrictive policy
files.
A custom installation
of SAS software gives you the opportunity to select the use of restrictive
policy files for JBoss or WebSphere Application Server. Although WebLogic
Server provides restrictive policy files, implementation of these
policy files is problematic, and they cannot be used in the SAS environment.
Therefore, SAS does not support restrictive policy files for WebLogic
Server.
Your
Instructions.html
file
provides basic guidelines for creating policy files from existing
sample files, saving those files, and rebuilding the applications.
If you chose not to enforce restrictive policy files at the time of
initial installation, choose from one of the following methods for
configuring restrictive policy files:
-
Use the SAS Deployment Manager
to remove the existing configuration of your SAS environment. Then,
reconfigure the environment by choosing the custom installation option
in SAS Deployment Wizard. The custom installation option enables you
to configure restrictive policy files. This method, which is highly
recommended, offers the most dependable and thorough approach to ensure
that your SAS environment is set up correctly to use the Java 2 Security
and restrictive policy files.
-
Manually configure and enforce
the use of restrictive policy files. Follow this method if your site
has significantly large amounts of custom content, and the previously
described method is not feasible at your site.
CAUTION:
SAS strongly
discourages the use of restrictive policy files on SAS middle-tier
applications because they provide no end-user security, they are difficult
to maintain, and they can be very detrimental to application performance.
The SAS Deployment Wizard
implements the following restrictive policies by using different methods
for JBoss and WebSphere Application Server:
-
JBoss: When
policy
files
are edited and the SAS Web applications are rebuilt by using the SAS
Deployment Manager, the edits made to the
policy
files
are united into a single policy file (
sas.restrictive.permissions.policy
)
that is applied to JBoss.
-
WebSphere Application Server: Policy
files for WebSphere Application Server are applied to each EAR file.
Each policy file's inputs are placed into the corresponding EAR file
as a
was.policy
file.