Monthly Archives: May 2013

Java security in IBM Domino

It has come to my knowledge that what I considered “old” (i.e. well-known) knowledge may not be that know to many people.

For some Java code to be allowed to run on a Domino server you may need to add some security settings to the java.policy file (e.g. allow access to external network ressources). This file can be found in the jvm/lib/security library. However, whenever the Domino server (and the Notes client for that matter) is upgraded (even small upgrades) this file will be overwritten!!

So you have to add your adjustments again – and as a developer you may not even know that the server was upgraded (say from 9.0 to 9.0.1). Well, this is where you will be interested in another file in the same directory: java.security. This file contains a couple of interesting lines:

# The default is to have a single system-wide policy file,
# and a policy file in the user’s home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${java.home}/lib/security/java.pol
policy.url.3=file:///${user.home}/.java.policy

Please note the second policy.url line. That means that you can add a file to the directory called “java.pol“. It has the same syntax as java.policy. But the main difference is that it does not get removed on upgrades….

 

Updated: 25-06-2014

Mark Leusink had an issue with the above and went the extra step to verify that when you do an upgrade to Domino 9.0.1 FP1 the entire jvm/lib/security is replaced (due to an upgrade of the JVM). This will also be a problem with 9.0.2 (not released yet). So please back up your java.pol file before upgrading to either!!

You can see Mark’s findings on his blog.

According to others who have run into this same issue it seems only to be related to Domino servers running on Windows.

Using XPages? – want to disable Dojo?

This is a small very technical tip. It has been documented elsewhere. However, today I came across someone who did not know and, therefore, I decided to write it here. If you are developing XPages using IBM Domino Designer from time to time you may want to stop the loading of the “fat” Dojo libraries.… Læs mere