WebSphere won’t start due to Java 2 security policy

If WebSphere won’t start and you have java.security.AccessControlException exception in native_stderr.log (the log file is under websphere install]/AppServer/profiles/[App Server name]/logs/[server name] (e.g., /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1) then this is because Java 2 security is enabled in WebSphere.

If WebSphere has Java 2 security enabled, then vFunction must be granted access in the server policy file. For that, do the following steps:

  1. Edit the server.policy file located in profile_root/properties/server.policy. Default permissions are granted to all the product servers. (see: https://www.ibm.com/docs/en/was/8.5.5?topic=security-java-2-policy-files ). Example path to the file is /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/server.policy
  2. Add the following lines to grant vFunction agent access:
// Allow vFunction
grant codeBase "file:/opt/vfunction/agent/-" {
  permission java.security.AllPermission;
};

Note: the example assumes /opt/vfunction/agent is where the agent is installed – if not, change the lines accordingly (see the JVM arguments you set) 3. Save the file and restart the server.